Published: 05/08/2022 Updated: 11/08/2022
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

Vulnerability Summary

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.


Vulnerable Products

vmware identity_manager 3.3.4

vmware identity_manager 3.3.5

vmware identity_manager 3.3.6

vmware one_access

vmware one_access

vmware identity_manager_connector 3.3.4

vmware identity_manager_connector 3.3.5

vmware identity_manager_connector 3.3.6

vmware identity_manager_connector

vmware access_connector

vmware access_connector

vmware access_connector 22.05

Mailing Lists

VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a password ...

Recent Articles

VMWare Urges Users to Patch Critical Authentication Bypass Bug
Threatpost • Elizabeth Montalbano • 03 Aug 2022

VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system as well as exploit other flaws.
The bug—tracked as CVE-2022-31656—earned a rating of 9.8 on the CVSS and is one of a number of fixes the company made in various products in an update released on Tuesday for flaws that could easily become an exploit chain, researchers said.

VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
The Register • Jessica Lyons Hardcastle • 01 Jan 1970


VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products.
That flaw is tracked as CVE-2022-31656, and affects VMware's Workspace ONE Access, Identity Manager, and vRealize Automation. It was addressed along with nine other security holes in this patch batch, published Tuesday.
Here's the bottom line of the '31656 bug, according to VMware: "A malicious actor with network access to the UI may ...