VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
2022-04-13T18:15:13.087
2024-11-21T06:47:41.020
Modified
CVSSv3.1: 7.2 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | cloud_foundation | < 5.0 | Yes |
| Application | vmware | identity_manager | 3.3.3 | Yes |
| Application | vmware | identity_manager | 3.3.4 | Yes |
| Application | vmware | identity_manager | 3.3.5 | Yes |
| Application | vmware | identity_manager | 3.3.6 | Yes |
| Application | vmware | vrealize_automation | < 9.0 | Yes |
| Application | vmware | vrealize_automation | 7.6 | Yes |
| Application | vmware | vrealize_suite_lifecycle_manager | < 9.0 | Yes |
| Application | vmware | workspace_one_access | 20.10.0.0 | Yes |
| Application | vmware | workspace_one_access | 20.10.0.1 | Yes |
| Application | vmware | workspace_one_access | 21.08.0.0 | Yes |
| Application | vmware | workspace_one_access | 21.08.0.1 | Yes |
| Operating System | linux | linux_kernel | - | No |