What is CVE-2022-22956?

CVE-2022-22956 is a vulnerability in Vmware Workspace One Access. Published 2022-04-13.

Is CVE-2022-22956 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vmware Workspace One Access

CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed end…

EPSS: 0.849 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a Vmware Workspace One Access — versions Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0.

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
cyb3r-w0lf/nuclei-template-collection
kaanymz/2022-04-06-critical-vmware-fix
sourceincite/hekate

References

www.vmware.com/security/advisories/VMSA-2022-0011.html
packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution…
packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution…

Frequently asked questions

What is CVE-2022-22956?: CVE-2022-22956 is a vulnerability in Vmware Workspace One Access. Published 2022-04-13.
Is CVE-2022-22956 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.