CVE-2022-22958

Name of the Vulnerable Software and Affected Versions VMware Workspace ONE Access (affected versions not specified) VMware vRealize Automation (affected versions not specified) VMware Identity Manager (vIDM) (affected versions not specified) VMware Cloud Foundation (affected versions not specified) vRealize Suite Lifecycle Manager (affected versions not specified)

Description The issue is related to deficiencies in the deserialization mechanism of the affected VMware products. Exploitation of this issue may allow a remote attacker to execute arbitrary code by transmitting specially crafted data through a JDBC URI.

Recommendations For VMware Workspace ONE Access, consider restricting access to the deserialization mechanism until a patch is available. For VMware vRealize Automation, restrict access to the vulnerable components to minimize the risk of exploitation. For VMware Identity Manager (vIDM), avoid using the deserialization mechanism in the administration console until the issue is resolved. For VMware Cloud Foundation, consider disabling the vulnerable features related to deserialization as a temporary workaround. For vRealize Suite Lifecycle Manager, restrict the use of the deserialization mechanism in the lifecycle management process until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.