CVE-2022-22956 — Vulnetix

CVE-2022-22956 PUBLISHED

------------ On April 6, 2022 VMware released VMSA-2022-0011, a critical advisory addressing security vulnerabilities found and resolved in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. VMware Identity Manager is also an optional external component that can provide authentication and authorization for other products, such as NSX, vRealize Operations, vRealize Log Insight, and vRealize Network Insight. The VMSA will always be the source of truth for what products & versions are affected, the workarounds, and appropriate patches. This document is a corollary to that advisory and contains resources and numerous questions & answers that have been asked regarding this issue in an effort to communicate new information, reduce the need for support calls, and help keep organizations secure.

EPSS 84.04% · 99.3th percentile

Risk Scores

EPSS Score

84.04%

99.3th percentile

Timeline

Mar 19, 2022 CrowdSec Sighting
Apr 7, 2022 CVE Published
Apr 7, 2022 PoC Published
Apr 14, 2022 EPSS Score
May 31, 2022 CrowdSec Sighting
Jul 23, 2022 EPSS Score
Oct 30, 2022 EPSS Score
Feb 7, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 9, 2023 CrowdSec Sighting
Apr 18, 2023 PoC Published
Apr 18, 2023 PoC Published

References

https://github.com/vmware/vcf-security-and-compliance-guidelines/blob/main/security-advisories/vmsa-2022-0011/README.md advisory

Open in Interactive Console →