Vulnerability Details CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.184
EPSS Ranking 96.9%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-31656
-
cpe:2.3:a:vmware:access_connector:21.08.0.0
-
cpe:2.3:a:vmware:access_connector:21.08.0.1
-
cpe:2.3:a:vmware:access_connector:22.05
-
cpe:2.3:a:vmware:identity_manager:3.3.4
-
cpe:2.3:a:vmware:identity_manager:3.3.5
-
cpe:2.3:a:vmware:identity_manager:3.3.6
-
cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.4
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.5
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.6
-
cpe:2.3:a:vmware:one_access:21.08.0.0
-
cpe:2.3:a:vmware:one_access:21.08.0.1
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-