VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Attack Vector (AV) | Network | Adjacent | Local | Physical |
---|---|---|---|---|
Attack Complexity (AC) | LOW | High | ||
Privileges Required (PR) | None | Low | High | |
User Interaction (UI) | None | Required | ||
Scope (S) | Unchange | Change | ||
Confidentiality (C) | None | Low | High | |
Integrity (I) | None | Low | High | |
Availability (A) | None | Low | High |
Attack Vector (AV) | Network | Adjacent | Local |
---|---|---|---|
Access Complexity (AC) | Low | Medium | High |
Authentication (Au) | None | Single | Multiple |
Confidentiality (C) | None | Parical | Complete |
Integrity (I) | None | Partial | Complete |
Availability (A) | None | Partial | Complete |
CVE Infomation | Exploits or more Infomation |
---|---|
mitre | EXPLOIT DATABASE |
NVD | 0day.today |
vulmon.com | github |
CVE Details | |
JVN ENG JPN | |
Reconshell |
Software Tag: BIG-IP(1 tweets) Java(1 tweets) Linux(1 tweets) Oracle(1 tweets) VMware(292 tweets) Windows(2 tweets) Wordpress(37 tweets)
List of frequently cited URLs
List of frequently cited URLs
Name | URL |
---|---|
horizon3ai/CVE-2022-22972 | https://github.com/horizon3ai/CVE-2022-22972 |
Dghpi9/CVE-2022-22972 | https://github.com/Dghpi9/CVE-2022-22972 |
Name | URL |
---|---|
horizon3ai/CVE-2022-22972 | github.com |
Dghpi9/CVE-2022-22972 | github.com |