Vulners
Lucene search
CVE-2022-31664
🗓️ 05 Aug 2022 15:06:15Reported by vmwareType 
cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 140 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
 | CVE-2022-31664 | 5 Aug 202216:15 | – | attackerkb |
 | 多款VMware产品安全漏洞 | 5 Aug 202200:00 | – | cnnvd |
 | CVE-2022-31664 | 5 Aug 202215:06 | – | cvelist |
 | EUVD-2022-53098 | 3 Oct 202520:07 | – | euvd |
 | Update now! VMWare patches critical vulnerabilities in several products | 3 Aug 202213:27 | – | malwarebytes |
| Update now! VMWare patches critical vulnerabilities in several products | 3 Aug 202213:00 | – | malwarebytes |
 | Vulnerabilities fixed in VMware products | 3 Aug 202200:00 | – | ncsc |
 | CVE-2022-31664 | 5 Aug 202216:15 | – | nvd |
 | CVE-2022-31664 | 5 Aug 202216:15 | – | osv |
 | Privilege escalation | 5 Aug 202216:15 | – | prion |
10
Node
OROROROR
Node
OROROROROROR
[
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6"
}
]
}
]| Source | Link |
|---|---|
| vmware | www.vmware.com/security/advisories/VMSA-2022-0021.html |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| username | request body | /cfg/j_security_check | Admin-authenticated JDBC injection path used to login and trigger further exploitation. | |
| password | request body | /cfg/j_security_check | Admin-authenticated JDBC injection path used to login and trigger further exploitation. | |
| jdbcurl | request body | /cfg/setup/test | Test database connection via JDBC; part of the chain enabling deserialization-based RCE via crafted JDBC URL. | |
| dbUsername | request body | /cfg/setup/test | Test database connection via JDBC; part of the chain enabling deserialization-based RCE via crafted JDBC URL. | |
| dbPassword | request body | /cfg/setup/test | Test database connection via JDBC; part of the chain enabling deserialization-based RCE via crafted JDBC URL. | |
| encryptConnection | request body | /cfg/setup/test | Test database connection via JDBC; part of the chain enabling deserialization-based RCE via crafted JDBC URL. | |
| --check | path | /usr/local/horizon/scripts/ntpServer.hzn | Privilege escalation flaw: ntpServer.hzn can be invoked via NOPASSWD sudo, enabling LPE by manipulating script behavior. | |
| <ntp_server> | path | /usr/local/horizon/scripts/ntpServer.hzn | Privilege escalation flaw: ntpServer.hzn can be invoked via NOPASSWD sudo, enabling LPE by manipulating script behavior. |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Nov 2024 07:05Current
8.7High risk
Vulners AI Score8.7
CVSS 3.17.8
EPSS0.00167