CVE-2022-31657

Summary

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

Affected Software

VendorProductVersion RangeStatus
n/aVMware Workspace ONE Access, Identity Manager and vRealize AutomationWorkspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6affected

Weaknesses

  • VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability

ADP Enrichment

CVE Program Container

Additional References

References