PT-2022-3966 · Vmware · Identity Manager+2

Published

2022-08-02

Updated

2023-08-08

CVE-2022-31656

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VMware Workspace ONE Access, Identity Manager and vRealize Automation (affected versions not specified)

Description The issue is related to an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2022-04799

CVE-2022-31656

Affected Products

Identity Manager

Vmware Workspace One Access

Vrealize Automation

PT-2022-3966 · Vmware · Identity Manager+2

CVE-2022-31656

Weakness Enumeration

Related Identifiers

Affected Products

References · 17