CVE-2022-31700 - Vulnerability Details - OpenCVE

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Microsoft	Windows
Vmware	Access Cloud Foundation Identity Manager

Configuration 1 [-]

OR	cpe:2.3:a:vmware:access:21.08.0.0:::::linux::
	cpe:2.3:a:vmware:access:21.08.0.1:::::linux::
	cpe:2.3:a:vmware:cloud_foundation:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2022-0032.html

History

Tue, 22 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-12-14T00:00:00.000Z

Updated: 2025-04-22T16:06:25.180Z

Reserved: 2022-05-25T00:00:00.000Z

Link: CVE-2022-31700

Vulnrichment

Updated: 2024-08-03T07:26:00.938Z

NVD

Status : Modified

Published: 2022-12-14T19:15:12.860

Modified: 2025-04-22T16:15:29.917

Link: CVE-2022-31700

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31700", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2025-04-22T16:06:25.180Z", "dateReserved": "2022-05-25T00:00:00.000Z", "datePublished": "2022-12-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2022-12-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."}], "affected": [{"vendor": "n/a", "product": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)", "versions": [{"version": "VMware Workspace ONE Access (Multiple Versions)", "status": "affected"}]}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Authenticated Remote Code Execution Vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:00.938Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T16:05:37.679578Z", "id": "CVE-2022-31700", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T16:06:25.180Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31700", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2025-04-22T16:06:25.180Z", "dateReserved": "2022-05-25T00:00:00.000Z", "datePublished": "2022-12-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2022-12-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."}], "affected": [{"vendor": "n/a", "product": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)", "versions": [{"version": "VMware Workspace ONE Access (Multiple Versions)", "status": "affected"}]}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Authenticated Remote Code Execution Vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:00.938Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-31700", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-22T16:05:37.679578Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T16:06:01.676Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:access:21.08.0.0:*:*:*:*:linux:*:*", "matchCriteriaId": "58F8802F-BE7F-4908-BD92-2576238798D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:access:21.08.0.1:*:*:*:*:linux:*:*", "matchCriteriaId": "B7145A8C-7716-4839-8707-05765687447B", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*", "matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."}, {"lang": "es", "value": "VMware Workspace ONE Access and Identity Manager contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticado. VMware ha evaluado la gravedad de este problema en el rango de gravedad Importante con una puntuaci\u00f3n base CVSSv3 m\u00e1xima de 7.2."}], "id": "CVE-2022-31700", "lastModified": "2025-04-22T16:15:29.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-14T19:15:12.860", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}