BDU:2022-04891

BDU

High

Уязвимость платформы администрирования приложений VMware Workspace One Access, консоли администрирования VMware Identity Manager (vIDM) свя…

CVSS

8.0

High

EPSS

0.00

Published

2022-01-01

Updated

2022-01-01

Description

Уязвимость платформы администрирования приложений VMware Workspace One Access, консоли администрирования VMware Identity Manager (vIDM) связана с непринятием мер по защите структуры запроса SQL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Affected products

Broadcom inc. Vmware aria automationBroadcom inc. Vmware aria suite lifecycleOmnissa Omnissa workspace one accessOmnissa Omnissa workspace one access connectorOmnissa Omnissa workspace one access connector

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Timeline

2022-01-01

Published

2022-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: H

High (H)

Privileges Required

PR: H

High (H)

User Interaction

UI: N

None (N)

Scope

S: C

Changed (C)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Broadcom

Vmware Aria Suite Lifecycle Vmware Aria Automation

Omnissa

Omnissa Workspace One Access Connector Omnissa Workspace One Access

Product	Vendor	Status
vmware aria automation	broadcom inc.	Tracked
vmware aria suite lifecycle	broadcom inc.	Tracked
omnissa workspace one access	omnissa	Tracked
omnissa workspace one access connector	omnissa	Tracked
omnissa workspace one access connector	omnissa	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2022-31659

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31659@https://www.vmware.com/security/advisories/VMSA-2022-0021.html