#VU63406 Improper Authentication in VMware, Inc products - CVE-2022-22972
Published: May 18, 2022 / Updated: May 29, 2022
Vulnerability identifier: #VU63406
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2022-22972
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
VMware Workspace One Access
VMware Identity Manager
Aria Automation (formerly vRealize Automation)
Cloud Foundation
vRealize Suite Lifecycle Manager
Software vendor:
VMware, Inc
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error in the UI when processing authentication requests. A remote attacker can bypass the authentication process and gain administrative access to the application.
Remediation
Install updates from the vendor's website.