CVE-2022-31659 - OpenCVE

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Vmware	One Access Identity Manager Connector Identity Manager Access Connector
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:vmware:identity_manager:3.3.4:::::::*
	cpe:2.3:a:vmware:identity_manager:3.3.5:::::::*
	cpe:2.3:a:vmware:identity_manager:3.3.6:::::::*
	cpe:2.3:a:vmware:one_access:21.08.0.0:::::::*
	cpe:2.3:a:vmware:one_access:21.08.0.1:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:vmware:access_connector:22.05:::::::*
	cpe:2.3:a:vmware:access_connector:22.08.0.0:::::::*
	cpe:2.3:a:vmware:access_connector:22.08.0.1:::::::*
	cpe:2.3:a:vmware:identity_manager_connector:3.3.4:::::::*
	cpe:2.3:a:vmware:identity_manager_connector:3.3.5:::::::*
	cpe:2.3:a:vmware:identity_manager_connector:3.3.6:::::::*
	cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2022-0021.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2022-08-05T15:06:41

Updated: 2022-08-05T15:06:41

Reserved: 2022-05-25T00:00:00

Link: CVE-2022-31659

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-05T16:15:12.737

Modified: 2022-08-11T16:09:25.877

Link: CVE-2022-31659

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation", "vendor": "n/a", "versions": [{"status": "affected", "version": "Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6"}]}], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."}], "problemTypes": [{"descriptions": [{"description": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-05T15:06:41", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2022-31659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation", "version": {"version_data": [{"version_value": "Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability."}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"}]}}}}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2022-31659", "datePublished": "2022-08-05T15:06:41", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2022-08-05T15:06:41", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*", "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:access_connector:22.08.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44797503-1D15-4799-BCBA-E3810B05A373", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:access_connector:22.08.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "314BB1F7-9845-486D-8CA1-7E1A03FE0FD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."}, {"lang": "es", "value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecuci\u00f3n de c\u00f3digo remota"}], "id": "CVE-2022-31659", "lastModified": "2022-08-11T16:09:25.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-05T16:15:12.737", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}