CVE-2022-22958

Summary

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

Affected Software

VendorProductVersion RangeStatus
n/aVMware Workspace ONE Access, Identity Manager and vRealize Automation.Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.affected

Weaknesses

  • Remote code execution

ADP Enrichment

CVE Program Container

Additional References

References