Is CVE-2022-22972 known to be exploited?

40 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vmware Workspace One Access, Identity Manager And Vrealize Automation

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access…

EPSS: 0.937 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a Vmware Workspace One Access, Identity Manager And Vrealize Automation — versions Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.

Public proof-of-concept exploits

References

www.vmware.com/security/advisories/VMSA-2022-0014.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-22972?: CVE-2022-22972 is a vulnerability in Vmware Workspace One Access, Identity Manager And Vrealize Automation. Published 2022-05-20.
Is CVE-2022-22972 known to be exploited?: 40 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.