First published: Fri Aug 05 2022(Updated: )
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Credit: security@vmware.com security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Identity Manager | =3.3.4 | |
VMware Identity Manager | =3.3.5 | |
VMware Identity Manager | =3.3.6 | |
Vmware One Access | =21.08.0.0 | |
Vmware One Access | =21.08.0.1 | |
Linux Linux kernel | ||
Vmware Access Connector | =21.08.0.0 | |
Vmware Access Connector | =21.08.0.1 | |
Vmware Access Connector | =22.05 | |
Vmware Identity Manager Connector | =3.3.4 | |
Vmware Identity Manager Connector | =3.3.5 | |
Vmware Identity Manager Connector | =3.3.6 | |
Vmware Identity Manager Connector | =19.03.0.1 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-31664 is a vulnerability that exists in VMware Workspace ONE Access, Identity Manager, and vRealize Automation, allowing a local attacker to escalate privileges to 'root'.
VMware Identity Manager versions 3.3.4, 3.3.5, and 3.3.6, VMware ONE Access versions 21.08.0.0 and 21.08.0.1, and VMware Access Connector versions 21.08.0.0, 21.08.0.1, and 22.05 are affected by CVE-2022-31664.
CVE-2022-31664 has a severity rating of 7.8 (high).
Update to the patched versions of the affected software: VMware Identity Manager 3.3.7, VMware ONE Access 21.08.0.2, and VMware Access Connector 22.05.1.
You can find more information about CVE-2022-31664 in the VMware Security Advisory VMSA-2022-0021.