CVE-2022-22972

Description from NVD

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Information Acquisition Date:2022-05-31T16:40Z
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://www.vmware.com/security/advisories/VMSA-2022-0014.html
     source:MISC
     tags:Vendor Advisory    

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: VMware(2 tweets)



List of frequently cited URLs

URLNum of Times Referred to
https://thehac177
https://cvetrends.com50
http://twinybots.ch42
http://cyberiqs.com/latestnews39
https://opsmtrs.com/2ZFbaTl8
https://thehackernews.com/2022/05/vmware-releases-patches-f...8
http://github.com/gobysec/GobyVuls6
http://Horizon3.ai6
https://www.helpnetsecurity.com/2022/05/19/cve-2022-229726
https://www.redpacketsecurity.com/vmware-workspace-one-acce...6
http://t.me/gobies5
https://ift.tt/rm6AbfK4
https://blog.assetnote.io/2022/05/27/understanding-cve-2022...4
https://www.securityweek.com/exploitation-vmware-vulnerabil...4
https://www.bleepingcomputer.com/news/security/researchers-...4
https://bit.ly/3wQH7WN3
https://twitter.com/Horizon3Attack/status/15289355313331773443
https://attackerkb.com/topics/Ur2L7rHv2F/cve-2022-22972/rap...3
https://www.vmware.com/security/advisories/VMSA-2022-0014.html3
https://www.horizon3.ai/vmware-authentication-bypass-vulner...3
https://tweetedtimes.com/Pentest101MX?s=tnp3
https://securityaffairs.co/wordpress/131436/security/cisa-o...3
https://noticiasseguridad.com/vulnerabilidades/codigo-de-ex...3
https://www.clone-systems.com/purchase-pci-compliance-scanning3

Information from Twitter

User URL Info Source Date
ProtegeEmpresa https://www.incibe-cert.es/alerta-temprana/avisos-seguridad... Source ProtegeEmpresa   1622562833786458113 2023/02/06
incibe_cert https://www.incibe-cert.es/alerta-temprana/avisos-seguridad... Source incibe_cert      1622571495997247488 2023/02/06

List of frequently cited URLs

URLNum of Times Referred to
thehac177
cvetrends.com50
twinybots.ch42
cyberiqs.com39
opsmtrs.com8
thehackernews.com8
github.com6
Horizon3.ai6
www.helpnetsecurity.com6
www.redpacketsecurity.com6
t.me5
ift.tt4
blog.assetnote.io4
www.securityweek.com4
www.bleepingcomputer.com4
bit.ly3
twitter.com3
attackerkb.com3
www.vmware.com3
www.horizon3.ai3
tweetedtimes.com3
securityaffairs.co3
noticiasseguridad.com3
www.clone-systems.com3

Information from Twitter

User URL Info Source
ProtegeEmpresa incibe-cert.es Show Tweet
incibe_cert incibe-cert.es Show Tweet

GitHub Search Results: Up to 10
NameURL
horizon3ai/CVE-2022-22972 https://github.com/horizon3ai/CVE-2022-22972
Dghpi9/CVE-2022-22972 https://github.com/Dghpi9/CVE-2022-22972

GitHub Search Results: Up to 10
NameURL
horizon3ai/CVE-2022-22972 github.com
Dghpi9/CVE-2022-22972 github.com

2023/02/06 Score : 0
Added Har-sia Database : 2022/05/19
Last Modified : 2023/02/06
Highest Scored Date : 2022/05/27
Highest Score : 125