Lucene search
HistoryAug 05, 2022 - 4:15 p.m.
CVE-2022-31657
vmware
workspace one
url injection
vulnerability
network access
authenticated user
arbitrary domain
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.7%
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
Affected configurations
Node
vmwareidentity_managerMatch3.3.4
ORvmwareidentity_managerMatch3.3.5
ORvmwareidentity_managerMatch3.3.6
ORvmwareone_accessMatch21.08.0.0
ORvmwareone_accessMatch21.08.0.1
linuxlinux_kernelMatch-
Node
vmwareaccess_connectorMatch21.08.0.0
ORvmwareaccess_connectorMatch21.08.0.1
ORvmwareaccess_connectorMatch22.05
ORvmwareidentity_manager_connectorMatch3.3.4
ORvmwareidentity_manager_connectorMatch3.3.5
ORvmwareidentity_manager_connectorMatch3.3.6
ORvmwareidentity_manager_connectorMatch19.03.0.1
microsoftwindowsMatch-
Related
prion
prion
Design/Logic Flaw
2022-08-05 16:15:00
cve
cve
CVE-2022-31657
2022-08-05 16:15:12
cvelist
cvelist
CVE-2022-31657
2022-08-05 15:07:39
threatpost
threatpost
VMWare Urges Users to Patch Critical Authentication Bypass Bug
2022-08-03 15:23:16
nessus
nessus
vmware
vmware
thn
thn
VMware Releases Patches for Several New Flaws Affecting Multiple Products
2022-08-03 04:49:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.7%
Related for NVD:CVE-2022-31657