CVE-2022-22960

Published: Apr 13, 2022Modified: Oct 30, 2025CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

Affected (11)

Products: Vmware: Cloud Foundation, Identity Manager, Vrealize Automation, Vrealize Suite Lifecycle Manager, Workspace One Access

5 products

Cloud Foundation

Identity Manager

Vrealize Automation

Vrealize Suite Lifecycle Manager

Workspace One Access

Configuration A

11 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Cloud Foundation	From 3.0 to 5.0
Vmware Identity Manager	Version 3.3.3
Vmware Identity Manager	Version 3.3.4
Vmware Identity Manager	Version 3.3.5
Vmware Identity Manager	Version 3.3.6
Vmware Vrealize Automation	Version 7.6
Vmware Vrealize Suite Lifecycle Manager	From 8.0 to 9.0
Vmware Workspace One Access	Version 20.10.0.0
Vmware Workspace One Access	Version 20.10.0.1
Vmware Workspace One Access	Version 21.08.0.0
Vmware Workspace One Access	Version 21.08.0.1

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (9)

http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html

Source: security@vmware.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html

Source: security@vmware.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html

Source: security@vmware.com

ExploitThird Party AdvisoryVDB Entry

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Source: security@vmware.com

PatchVendor Advisory

http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.