VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
| Attack Vector (AV) | Network | Adjacent | Local | Physical |
|---|---|---|---|---|
| Attack Complexity (AC) | LOW | High | ||
| Privileges Required (PR) | None | Low | High | |
| User Interaction (UI) | None | Required | ||
| Scope (S) | Unchange | Change | ||
| Confidentiality (C) | None | Low | High | |
| Integrity (I) | None | Low | High | |
| Availability (A) | None | Low | High |
| Attack Vector (AV) | Network | Adjacent | Local |
|---|---|---|---|
| Access Complexity (AC) | Low | Medium | High |
| Authentication (Au) | None | Single | Multiple |
| Confidentiality (C) | None | Parical | Complete |
| Integrity (I) | None | Partial | Complete |
| Availability (A) | None | Partial | Complete |
| CVE Infomation | Exploits or more Infomation |
|---|---|
| mitre | EXPLOIT DATABASE |
| NVD | 0day.today |
| vulmon.com | github |
| CVE Details | |
| JVN ENG JPN | |
| Reconshell |
Software Tag: BIG-IP(1 tweets) Java(1 tweets) Linux(1 tweets) Oracle(1 tweets) VMware(292 tweets) Windows(2 tweets) Wordpress(37 tweets)
List of frequently cited URLs
List of frequently cited URLs
| Name | URL |
|---|---|
| horizon3ai/CVE-2022-22972 | https://github.com/horizon3ai/CVE-2022-22972 |
| Dghpi9/CVE-2022-22972 | https://github.com/Dghpi9/CVE-2022-22972 |
| Name | URL |
|---|---|
| horizon3ai/CVE-2022-22972 | github.com |
| Dghpi9/CVE-2022-22972 | github.com |