Improper Authentication in VMware, Inc products - CVE-2022-31656
Published: August 2, 2022 / Updated: August 10, 2022
Vulnerability identifier: #VU65957
CSH Severity: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2022-31656
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
VMware Workspace One Access
VMware Identity Manager
Aria Automation (formerly vRealize Automation)
vRealize Suite Lifecycle Manager
Cloud Foundation
VMware Workspace One Access
VMware Identity Manager
Aria Automation (formerly vRealize Automation)
vRealize Suite Lifecycle Manager
Cloud Foundation
Software vendor:
VMware, Inc
VMware, Inc
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in authentication process affecting local domain users. A remote non-authenticated attacker with access to the UI can bypass authentication process and gain administrative access to the system.
Remediation
Install updates from vendor's website.