Vulnerability Details CVE-2022-31657
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.4%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-31657
-
cpe:2.3:a:vmware:access_connector:21.08.0.0
-
cpe:2.3:a:vmware:access_connector:21.08.0.1
-
cpe:2.3:a:vmware:access_connector:22.05
-
cpe:2.3:a:vmware:identity_manager:3.3.4
-
cpe:2.3:a:vmware:identity_manager:3.3.5
-
cpe:2.3:a:vmware:identity_manager:3.3.6
-
cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.4
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.5
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.6
-
cpe:2.3:a:vmware:one_access:21.08.0.0
-
cpe:2.3:a:vmware:one_access:21.08.0.1
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-