Vulners
Lucene search
CVE-2022-31664
🗓️ 05 Aug 2022 15:06:15Reported by vmwareType 
cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 148 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | CVE-2022-31664 | 5 Aug 202216:15 | – | attackerkb |
 | The vulnerability of the VMware Workspace One Access application management platform, the VMware Identity Manager administration console, and the VMware vRealize Automation virtual infrastructure management tools is related to deficiencies in access control. This allows a malicious individual to elevate their privileges to the root level. | 10 Aug 202200:00 | – | bdu_fstec |
 | 多款VMware产品安全漏洞 | 5 Aug 202200:00 | – | cnnvd |
 | CVE-2022-31664 | 5 Aug 202215:06 | – | cvelist |
 | EUVD-2022-53098 | 3 Oct 202520:07 | – | euvd |
 | Update now! VMWare patches critical vulnerabilities in several products | 3 Aug 202213:27 | – | malwarebytes |
| Update now! VMWare patches critical vulnerabilities in several products | 3 Aug 202213:00 | – | malwarebytes |
 | Vulnerabilities fixed in VMware products | 3 Aug 202200:00 | – | ncsc |
 | CVE-2022-31664 | 5 Aug 202216:15 | – | nvd |
 | CVE-2022-31664 | 5 Aug 202216:15 | – | osv |
10
Node
OROROROR
Node
OROROROROROR
[
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6"
}
]
}
]| Source | Link |
|---|---|
| vmware | www.vmware.com/security/advisories/VMSA-2022-0021.html |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| username | request body | /cfg/j_security_check | Admin authentication endpoint used in PoC to establish a session for further exploitation | CWE-269 |
| password | request body | /cfg/j_security_check | Admin authentication endpoint used in PoC to establish a session for further exploitation | CWE-269 |
| jdbcurl | request body | /cfg/setup/test | JDBC test endpoint exploited via crafted jdbcurl to trigger remote code execution through a deserialization gadget | CWE-502 |
| dbUsername | request body | /cfg/setup/test | JDBC test endpoint exploited via crafted jdbcurl to trigger remote code execution through a deserialization gadget | CWE-502 |
| dbPassword | request body | /cfg/setup/test | JDBC test endpoint exploited via crafted jdbcurl to trigger remote code execution through a deserialization gadget | CWE-502 |
| encryptConnection | request body | /cfg/setup/test | JDBC test endpoint exploited via crafted jdbcurl to trigger remote code execution through a deserialization gadget | CWE-502 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 04:46Current
8.7High risk
Vulners AI Score8.7
CVSS 3.17.8
EPSS0.0033