CVE-2022-22972
First published: Fri May 20 2022(Updated: )
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Credit: security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Identity Manager | =3.3.3 | |
| VMware Identity Manager | =3.3.4 | |
| VMware Identity Manager | =3.3.5 | |
| VMware Identity Manager | =3.3.6 | |
| VMware vRealize Automation | =7.6 | |
| VMware Workspace ONE Access | =20.10.0.0 | |
| VMware Workspace ONE Access | =20.10.0.1 | |
| VMware Workspace ONE Access | =21.08.0.0 | |
| VMware Workspace ONE Access | =21.08.0.1 | |
| Linux Kernel | ||
| VMware Cloud Foundation | =3.0 | |
| VMware Cloud Foundation | =3.0.1 | |
| VMware Cloud Foundation | =3.0.1.1 | |
| VMware Cloud Foundation | =3.5 | |
| VMware Cloud Foundation | =3.5.1 | |
| VMware Cloud Foundation | =3.7 | |
| VMware Cloud Foundation | =3.7.1 | |
| VMware Cloud Foundation | =3.7.2 | |
| VMware Cloud Foundation | =3.8 | |
| VMware Cloud Foundation | =3.8.1 | |
| VMware Cloud Foundation | =3.9 | |
| VMware Cloud Foundation | =3.9.1 | |
| VMware Cloud Foundation | =3.10 | |
| VMware Cloud Foundation | =3.10.1 | |
| VMware Cloud Foundation | =3.10.1.1 | |
| VMware Cloud Foundation | =3.10.1.2 | |
| VMware Cloud Foundation | =3.10.2.1 | |
| VMware Cloud Foundation | =3.10.2.2 | |
| VMware Cloud Foundation | =3.11 | |
| VMware Cloud Foundation | =3.11.0.1 | |
| VMware Cloud Foundation | =4.0 | |
| VMware Cloud Foundation | =4.0.1 | |
| VMware Cloud Foundation | =4.1 | |
| VMware Cloud Foundation | =4.1.0.1 | |
| VMware Cloud Foundation | =4.2 | |
| VMware Cloud Foundation | =4.2.1 | |
| VMware Cloud Foundation | =4.3 | |
| VMware Cloud Foundation | =4.3.1 | |
| VMware vRealize Suite Lifecycle Manager | =8.0 | |
| VMware vRealize Suite Lifecycle Manager | =8.0.1 | |
| VMware vRealize Suite Lifecycle Manager | =8.1 | |
| VMware vRealize Suite Lifecycle Manager | =8.2 | |
| VMware vRealize Suite Lifecycle Manager | =8.2-patch1 | |
| VMware vRealize Suite Lifecycle Manager | =8.2-patch2 | |
| VMware vRealize Suite Lifecycle Manager | =8.2-patch3 | |
| VMware vRealize Suite Lifecycle Manager | =8.3 | |
| VMware vRealize Suite Lifecycle Manager | =8.3-patch1 | |
| VMware vRealize Suite Lifecycle Manager | =8.3-patch2 | |
| VMware vRealize Suite Lifecycle Manager | =8.3-patch3 | |
| VMware vRealize Suite Lifecycle Manager | =8.4 | |
| VMware vRealize Suite Lifecycle Manager | =8.4-patch1 | |
| VMware vRealize Suite Lifecycle Manager | =8.4.1 | |
| VMware vRealize Suite Lifecycle Manager | =8.4.1-patch1 | |
| VMware vRealize Suite Lifecycle Manager | =8.4.1-patch2 | |
| VMware vRealize Suite Lifecycle Manager | =8.4.1-patch3 | |
| VMware vRealize Suite Lifecycle Manager | =8.6 | |
| VMware vRealize Suite Lifecycle Manager | =8.6-patch1 | |
| VMware vRealize Suite Lifecycle Manager | =8.6.1 | |
| VMware vRealize Suite Lifecycle Manager | =8.6.2 | |
| VMware vRealize Suite Lifecycle Manager | =8.7 | |
| VMware vRealize Suite Lifecycle Manager | =8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-22972?
CVE-2022-22972 has been classified as a high severity vulnerability due to the potential for unauthorized administrative access.
How do I fix CVE-2022-22972?
To fix CVE-2022-22972, apply the relevant patches provided by VMware for affected versions of Workspace ONE Access, Identity Manager, and vRealize Automation.
Who is affected by CVE-2022-22972?
Local domain users with network access to the UI are at risk from CVE-2022-22972, enabling possible administrative access without authentication.
What products are affected by CVE-2022-22972?
CVE-2022-22972 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation across several specific versions.
What kind of vulnerability is CVE-2022-22972 classified as?
CVE-2022-22972 is classified as an authentication bypass vulnerability.
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/vmware
- canonical/vmware identity manager
- version/vmware identity manager/3.3.3
- version/vmware identity manager/3.3.4
- version/vmware identity manager/3.3.5
- version/vmware identity manager/3.3.6
- canonical/vmware vrealize automation
- version/vmware vrealize automation/7.6
- canonical/vmware workspace one access
- version/vmware workspace one access/20.10.0.0
- version/vmware workspace one access/20.10.0.1
- version/vmware workspace one access/21.08.0.0
- version/vmware workspace one access/21.08.0.1
- vendor/linux
- canonical/linux kernel
- canonical/vmware cloud foundation
- version/vmware cloud foundation/3.0
- version/vmware cloud foundation/3.0.1
- version/vmware cloud foundation/3.0.1.1
- version/vmware cloud foundation/3.5
- version/vmware cloud foundation/3.5.1
- version/vmware cloud foundation/3.7
- version/vmware cloud foundation/3.7.1
- version/vmware cloud foundation/3.7.2
- version/vmware cloud foundation/3.8
- version/vmware cloud foundation/3.8.1
- version/vmware cloud foundation/3.9
- version/vmware cloud foundation/3.9.1
- version/vmware cloud foundation/3.10
- version/vmware cloud foundation/3.10.1
- version/vmware cloud foundation/3.10.1.1
- version/vmware cloud foundation/3.10.1.2
- version/vmware cloud foundation/3.10.2.1
- version/vmware cloud foundation/3.10.2.2
- version/vmware cloud foundation/3.11
- version/vmware cloud foundation/3.11.0.1
- version/vmware cloud foundation/4.0
- version/vmware cloud foundation/4.0.1
- version/vmware cloud foundation/4.1
- version/vmware cloud foundation/4.1.0.1
- version/vmware cloud foundation/4.2
- version/vmware cloud foundation/4.2.1
- version/vmware cloud foundation/4.3
- version/vmware cloud foundation/4.3.1
- canonical/vmware vrealize suite lifecycle manager
- version/vmware vrealize suite lifecycle manager/8.0
- version/vmware vrealize suite lifecycle manager/8.0.1
- version/vmware vrealize suite lifecycle manager/8.1
- version/vmware vrealize suite lifecycle manager/8.2
- version/vmware vrealize suite lifecycle manager/8.2-patch1
- version/vmware vrealize suite lifecycle manager/8.2-patch2
- version/vmware vrealize suite lifecycle manager/8.2-patch3
- version/vmware vrealize suite lifecycle manager/8.3
- version/vmware vrealize suite lifecycle manager/8.3-patch1
- version/vmware vrealize suite lifecycle manager/8.3-patch2
- version/vmware vrealize suite lifecycle manager/8.3-patch3
- version/vmware vrealize suite lifecycle manager/8.4
- version/vmware vrealize suite lifecycle manager/8.4-patch1
- version/vmware vrealize suite lifecycle manager/8.4.1
- version/vmware vrealize suite lifecycle manager/8.4.1-patch1
- version/vmware vrealize suite lifecycle manager/8.4.1-patch2
- version/vmware vrealize suite lifecycle manager/8.4.1-patch3
- version/vmware vrealize suite lifecycle manager/8.6
- version/vmware vrealize suite lifecycle manager/8.6-patch1
- version/vmware vrealize suite lifecycle manager/8.6.1
- version/vmware vrealize suite lifecycle manager/8.6.2
- version/vmware vrealize suite lifecycle manager/8.7
- version/vmware vrealize suite lifecycle manager/8.8