Vulnerability CVE-2022-22960

Vulnerability CVE-2022-22960

Published: 2022-04-13

Description:

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Mware Workspace ONE Remote Code Execution	mr_me	18.04.2023

Type:

CWE-269

(Improper Privilege Management)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.2/10	10/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

References:

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Copyright 2024, cxsecurity.com