Vulnerability Details CVE-2022-22957
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.437
EPSS Ranking 97.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html
- https://www.vmware.com/security/advisories/VMSA-2022-0011.html
- http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html
- https://www.vmware.com/security/advisories/VMSA-2022-0011.html
Products affected by CVE-2022-22957
-
cpe:2.3:a:vmware:cloud_foundation:3.0
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1.2
-
cpe:2.3:a:vmware:cloud_foundation:3.10.2.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.2.2
-
cpe:2.3:a:vmware:cloud_foundation:3.11
-
cpe:2.3:a:vmware:cloud_foundation:3.11.0.1
-
cpe:2.3:a:vmware:cloud_foundation:3.5
-
cpe:2.3:a:vmware:cloud_foundation:3.5.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7
-
cpe:2.3:a:vmware:cloud_foundation:3.7.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7.2
-
cpe:2.3:a:vmware:cloud_foundation:3.8
-
cpe:2.3:a:vmware:cloud_foundation:3.8.1
-
cpe:2.3:a:vmware:cloud_foundation:3.9
-
cpe:2.3:a:vmware:cloud_foundation:3.9.1
-
cpe:2.3:a:vmware:cloud_foundation:4.0
-
cpe:2.3:a:vmware:cloud_foundation:4.0.1
-
cpe:2.3:a:vmware:cloud_foundation:4.1
-
cpe:2.3:a:vmware:cloud_foundation:4.1.0.1
-
cpe:2.3:a:vmware:cloud_foundation:4.2
-
cpe:2.3:a:vmware:cloud_foundation:4.2.1
-
cpe:2.3:a:vmware:cloud_foundation:4.3
-
cpe:2.3:a:vmware:cloud_foundation:4.3.1
-
cpe:2.3:a:vmware:cloud_foundation:4.3.11
-
cpe:2.3:a:vmware:cloud_foundation:4.4
-
cpe:2.3:a:vmware:cloud_foundation:4.4.1
-
cpe:2.3:a:vmware:cloud_foundation:4.4.1.1
-
cpe:2.3:a:vmware:cloud_foundation:4.5
-
cpe:2.3:a:vmware:cloud_foundation:4.5.1
-
cpe:2.3:a:vmware:cloud_foundation:4.5.2
-
cpe:2.3:a:vmware:identity_manager:3.3.3
-
cpe:2.3:a:vmware:identity_manager:3.3.4
-
cpe:2.3:a:vmware:identity_manager:3.3.5
-
cpe:2.3:a:vmware:identity_manager:3.3.6
-
cpe:2.3:a:vmware:vrealize_automation:7.6
-
cpe:2.3:a:vmware:vrealize_automation:8.0
-
cpe:2.3:a:vmware:vrealize_automation:8.1
-
cpe:2.3:a:vmware:vrealize_automation:8.2
-
cpe:2.3:a:vmware:vrealize_automation:8.3
-
cpe:2.3:a:vmware:vrealize_automation:8.4
-
cpe:2.3:a:vmware:vrealize_automation:8.5
-
cpe:2.3:a:vmware:vrealize_automation:8.6
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.1
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.2
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.7
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.8
-
cpe:2.3:a:vmware:workspace_one_access:20.10.0.0
-
cpe:2.3:a:vmware:workspace_one_access:20.10.0.1
-
cpe:2.3:a:vmware:workspace_one_access:21.08.0.0
-
cpe:2.3:a:vmware:workspace_one_access:21.08.0.1
-
cpe:2.3:o:linux:linux_kernel:-