CVE-2022-22959

Published: Apr 13, 2022Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

Affected (12)

Products: Vmware: Cloud Foundation, Identity Manager, Vrealize Automation, Vrealize Suite Lifecycle Manager, Workspace One Access

5 products

Vrealize Suite Lifecycle Manager

Workspace One Access

Configuration A

12 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Cloud Foundation	From 3.0 to 5.0
Vmware Identity Manager	Version 3.3.3
Vmware Identity Manager	Version 3.3.4
Vmware Identity Manager	Version 3.3.5
Vmware Identity Manager	Version 3.3.6
Vmware Vrealize Automation	From 8.0 to 9.0
Vmware Vrealize Automation	Version 7.6
Vmware Vrealize Suite Lifecycle Manager	From 8.0 to 9.0
Vmware Workspace One Access	Version 20.10.0.0
Vmware Workspace One Access	Version 20.10.0.1
Vmware Workspace One Access	Version 21.08.0.0
Vmware Workspace One Access	Version 21.08.0.1

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Source: security@vmware.com

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.