VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware identity_manager 3.3.3 |
||
vmware identity_manager 3.3.4 |
||
vmware identity_manager 3.3.5 |
||
vmware identity_manager 3.3.6 |
||
vmware vrealize_automation |
||
vmware vrealize_automation 7.6 |
||
vmware workspace_one_access 20.10.0.0 |
||
vmware workspace_one_access 20.10.0.1 |
||
vmware workspace_one_access 21.08.0.0 |
||
vmware workspace_one_access 21.08.0.1 |