Lucene search

[email protected]NVD:CVE-2022-31663

HistoryAug 05, 2022 - 4:15 p.m.

CVE-2022-31663

2022-08-0516:15:12

CWE-79

[email protected]

web.nvd.nist.gov

vmware

xss

vulnerability

workspace one access

identity manager

vrealize automation

user input

javascript code

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.1%

JSON

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window.

Affected configurations

NVD

Node

vmwareidentity_managerMatch3.3.4

vmwareidentity_managerMatch3.3.5

vmwareidentity_managerMatch3.3.6

vmwareone_accessMatch21.08.0.0

vmwareone_accessMatch21.08.0.1

AND

linuxlinux_kernelMatch-

Node

vmwareaccess_connectorMatch21.08.0.0

vmwareaccess_connectorMatch21.08.0.1

vmwareaccess_connectorMatch22.05

vmwareidentity_manager_connectorMatch3.3.4

vmwareidentity_manager_connectorMatch3.3.5

vmwareidentity_manager_connectorMatch3.3.6

vmwareidentity_manager_connectorMatch19.03.0.1

AND

microsoftwindowsMatch-

References

www.vmware.com/security/advisories/VMSA-2022-0021.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for NVD:CVE-2022-31663

prion1 cve1 cvelist1 thn1 vmware2 nessus1