CVE-2022-22960

Name of the Vulnerable Software and Affected Versions VMware Workspace ONE Access versions (affected versions not specified) VMware Cloud Foundation versions (affected versions not specified) VMware vRealize Automation versions (affected versions not specified) vRealize Suite Lifecycle Manager versions (affected versions not specified) VMware Identity Manager (vIDM) versions (affected versions not specified)

Description The issue is related to improper use of standard permissions, allowing an attacker to escalate privileges using a specially crafted HTTP request. A malicious actor with local access can exploit this to gain 'root' privileges due to improper permissions in support scripts.

Recommendations For VMware Workspace ONE Access, consider restricting access to support scripts until a fix is available. For VMware Cloud Foundation, restrict access to vulnerable components to minimize the risk of exploitation. For VMware vRealize Automation, disable or limit the use of support scripts that may be used for privilege escalation. For vRealize Suite Lifecycle Manager, apply configuration changes to properly set permissions for support scripts. For VMware Identity Manager (vIDM), restrict local access to prevent potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.