ID CVE-2022-31661
Summary VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 08-08-2023 - 14:22
Published 05-08-2022 - 16:15
Last modified 08-08-2023 - 14:22
Back to Top