Vulnerabilities > CVE-2022-22973 - Unspecified vulnerability in VMWare products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

vmware

NVD

Published: 2022-05-20

Updated: 2023-08-08

Summary

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Identity Manager 3.3.3 Vmware Identity Manager 3.3.4 Vmware Identity Manager 3.3.5 Vmware Identity Manager 3.3.6 Vmware Workspace ONE Access 20.10.0.0 Vmware Workspace ONE Access 20.10.0.1 Vmware Workspace ONE Access 21.08.0.0 Vmware Workspace ONE Access 21.08.0.1 Vmware Cloud Foundation 4.0 Vmware Cloud Foundation 4.0.1 Vmware Cloud Foundation 4.1 Vmware Cloud Foundation 4.2.1 Vmware Cloud Foundation 4.1.0.1 Vmware Cloud Foundation 4.3.1 Vmware Cloud Foundation 4.3 Vmware Cloud Foundation 4.2 Vmware Vrealize Suite Lifecycle Manager 8.0 Vmware Vrealize Suite Lifecycle Manager 8.0.1 Vmware Vrealize Suite Lifecycle Manager 8.1 Vmware Vrealize Suite Lifecycle Manager 8.2 Vmware Vrealize Suite Lifecycle Manager 8.8 Vmware Vrealize Suite Lifecycle Manager 8.7 Vmware Vrealize Suite Lifecycle Manager 8.6 Vmware Vrealize Suite Lifecycle Manager 8.6.1 Vmware Vrealize Suite Lifecycle Manager 8.6.2 Vmware Vrealize Suite Lifecycle Manager 8.4.1 Vmware Vrealize Suite Lifecycle Manager 8.4 Vmware Vrealize Suite Lifecycle Manager 8.3	39
Application	Linux Linux Linux Kernel -	1

References

https://www.vmware.com/security/advisories/VMSA-2022-0014.html