CVE-2022-22960

Sažetak

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

Reference

http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html
http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html
http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html
http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html
http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-10-2025 - 20:03

Objavljeno

13-04-2022 - 18:15