CVE-2022-22961

EUVD-2022-28084
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
vmwarecloud_foundation
3.0 ≤
𝑥
< 5.0
vmwareidentity_manager
3.3.3
vmwareidentity_manager
3.3.4
vmwareidentity_manager
3.3.5
vmwareidentity_manager
3.3.6
vmwarevrealize_automation
8.0 ≤
𝑥
< 9.0
vmwarevrealize_automation
7.6
vmwarevrealize_suite_lifecycle_manager
8.0 ≤
𝑥
< 9.0
vmwareworkspace_one_access
20.10.0.0
vmwareworkspace_one_access
20.10.0.1
vmwareworkspace_one_access
21.08.0.0
vmwareworkspace_one_access
21.08.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
https://www.vmware.com/security/advisories/VMSA-2022-0011.html