What is CVE-2022-22955?

CVE-2022-22955 is a vulnerability in Vmware Workspace One Access. Published 2022-04-13.

Is CVE-2022-22955 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vmware Workspace One Access

CVE-2022-22955

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed end…

EPSS: 0.701 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a Vmware Workspace One Access — versions Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0.

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon
kaanymz/2022-04-06-critical-vmware-fix
nguyenv1nK/22954

References

www.vmware.com/security/advisories/VMSA-2022-0011.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-22955?: CVE-2022-22955 is a vulnerability in Vmware Workspace One Access. Published 2022-04-13.
Is CVE-2022-22955 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.