CVE-2022-22956 : VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

Published 2022-04-13 18:15:13

Updated 2023-04-19 00:15:08

Source VMware

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2022-22956

Vmware » Vrealize Automation
Versions from including (>=) 8.0 and before (<) 9.0
cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Vrealize Automation » Version: 7.6
cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Identity Manager » Version: 3.3.3
cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Identity Manager » Version: 3.3.4
cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Identity Manager » Version: 3.3.5
cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Identity Manager » Version: 3.3.6
cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Workspace One Access » Version: 20.10.0.0
cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Workspace One Access » Version: 20.10.0.1
cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Workspace One Access » Version: 21.08.0.0
cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Vmware » Workspace One Access » Version: 21.08.0.1
cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-22956

EPSS FAQ

56.90%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2022-22956

VMware Workspace ONE Access VMSA-2022-0011 exploit chain

Disclosure Date: 2022-04-06

First seen: 2023-09-11

exploit/linux/http/vmware_workspace_one_access_vmsa_2022_0011_chain

This module combines two vulnerabilities in order achieve remote code execution in the context of the `horizon` user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker

More information

CVSS scores for CVE-2022-22956

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-22956

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-22956

http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html

VMware Workspace ONE Remote Code Execution ≈ Packet Storm

CVEs referencing this url
https://www.vmware.com/security/advisories/VMSA-2022-0011.html

VMSA-2022-0011
Patch;Vendor Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html

VMware Workspace ONE Remote Code Execution ≈ Packet Storm

CVEs referencing this url

Jump to