PT-2022-2185 · VMware · VMware Cloud Foundation +4

Mr_Me +1 · Published 2022-01-10 · Updated 2023-12-20 · CVE-2022-22957

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

VMware Workspace ONE Access (affected versions not specified)
VMware vRealize Automation (affected versions not specified)
VMware Identity Manager (vIDM) (affected versions not specified)
VMware Cloud Foundation (affected versions not specified)
vRealize Suite Lifecycle Manager (affected versions not specified)

Description

The issue is related to deficiencies in the deserialization mechanism of the affected VMware products. Exploitation of this issue may allow a remote attacker to execute arbitrary code by transmitting specially crafted data through a JDBC URI.

Recommendations

For VMware Workspace ONE Access, update to a version that includes a fix for the deserialization mechanism issue.
For VMware vRealize Automation, update to a version that includes a fix for the deserialization mechanism issue.
For VMware Identity Manager (vIDM), update to a version that includes a fix for the deserialization mechanism issue.
For VMware Cloud Foundation, update to a version that includes a fix for the deserialization mechanism issue.
For vRealize Suite Lifecycle Manager, update to a version that includes a fix for the deserialization mechanism issue.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2022-02212
CVE-2022-22957

Affected Products

VMware Cloud Foundation
VMware Identity Manager
VMware Workspace ONE Access
VMware vRealize Automation
vRealize Suite Lifecycle Manager