Vulnerability Details CVE-2022-31663
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.4%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2022-31663
-
cpe:2.3:a:vmware:access_connector:21.08.0.0
-
cpe:2.3:a:vmware:access_connector:21.08.0.1
-
cpe:2.3:a:vmware:access_connector:22.05
-
cpe:2.3:a:vmware:identity_manager:3.3.4
-
cpe:2.3:a:vmware:identity_manager:3.3.5
-
cpe:2.3:a:vmware:identity_manager:3.3.6
-
cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.4
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.5
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.6
-
cpe:2.3:a:vmware:one_access:21.08.0.0
-
cpe:2.3:a:vmware:one_access:21.08.0.1
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-