Vulnerability Details CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.804
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-31656
-
cpe:2.3:a:vmware:access_connector:21.08.0.0
-
cpe:2.3:a:vmware:access_connector:21.08.0.1
-
cpe:2.3:a:vmware:access_connector:22.05
-
cpe:2.3:a:vmware:identity_manager:3.3.4
-
cpe:2.3:a:vmware:identity_manager:3.3.5
-
cpe:2.3:a:vmware:identity_manager:3.3.6
-
cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.4
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.5
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.6
-
cpe:2.3:a:vmware:one_access:21.08.0.0
-
cpe:2.3:a:vmware:one_access:21.08.0.1
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-