Improper Authentication in VMware, Inc products - CVE-2022-22972
Published: May 18, 2022 / Updated: May 29, 2022
Vulnerability identifier: #VU63406
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2022-22972
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: VMware, Inc
Affected software:
VMware Workspace One Access
VMware Identity Manager
Aria Automation (formerly vRealize Automation)
Cloud Foundation
vRealize Suite Lifecycle Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error in the UI when processing authentication requests. A remote attacker can bypass the authentication process and gain administrative access to the application.
How to mitigate CVE-2022-22972
Install updates from the vendor's website.