9.8
CVSSv3

CVE-2022-31656

Published: 05/08/2022 Updated: 06/08/2022

Vulnerability Summary

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Recent Articles

VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Meanwhile, a security update for rsync What do you want on The Register?

VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products.
That flaw is tracked as CVE-2022-31656, and affects VMware's Workspace ONE Access, Identity Manager, and vRealize Automation. It was addressed along with nine other security holes in this patch batch, published Tuesday.
Here's the bottom line of the '31656 bug, according to VMware: "A malicious actor with network access to the UI may ...