CVE-2022-22957
First published: Wed Apr 13 2022(Updated: )
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Cloud Foundation | >=3.0<5.0 | |
| VMware Identity Manager | =3.3.3 | |
| VMware Identity Manager | =3.3.4 | |
| VMware Identity Manager | =3.3.5 | |
| VMware Identity Manager | =3.3.6 | |
| VMware vRealize Automation | >=8.0<9.0 | |
| VMware vRealize Automation | =7.6 | |
| Vmware Vrealize Suite Lifecycle Manager | >=8.0<9.0 | |
| VMware Workspace ONE Access | =20.10.0.0 | |
| VMware Workspace ONE Access | =20.10.0.1 | |
| VMware Workspace ONE Access | =21.08.0.0 | |
| VMware Workspace ONE Access | =21.08.0.1 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What are the vulnerabilities identified in this advisory?
The vulnerabilities identified in this advisory are CVE-2022-22957 and CVE-2022-22958.
What is the severity rating for CVE-2022-22957?
The severity rating for CVE-2022-22957 is 7.2 (High).
What is the affected software for CVE-2022-22957?
The affected software for CVE-2022-22957 includes VMware Workspace ONE Access, Identity Manager, and vRealize Automation.
How can a malicious actor exploit CVE-2022-22957?
A malicious actor with administrative access can exploit CVE-2022-22957 by triggering deserialization of untrusted data through a malicious JDBC URI.
Where can I find additional information about CVE-2022-22957?
You can find additional information about CVE-2022-22957 in the VMware security advisory VMSA-2022-0011.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware cloud foundation
- version/vmware cloud foundation/3.0
- canonical/vmware identity manager
- version/vmware identity manager/3.3.3
- version/vmware identity manager/3.3.4
- version/vmware identity manager/3.3.5
- version/vmware identity manager/3.3.6
- canonical/vmware vrealize automation
- version/vmware vrealize automation/8.0
- version/vmware vrealize automation/7.6
- canonical/vmware vrealize suite lifecycle manager
- version/vmware vrealize suite lifecycle manager/8.0
- canonical/vmware workspace one access
- version/vmware workspace one access/20.10.0.0
- version/vmware workspace one access/20.10.0.1
- version/vmware workspace one access/21.08.0.0
- version/vmware workspace one access/21.08.0.1
- vendor/linux
- canonical/linux linux kernel