CVE-2022-22956

EPSS 83.81% · P99 Updated Feb 14, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-22956

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Vmware Workspace One Access 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Vmware Workspace One Access是美国Vmware公司的将用户身份与设备和网络信息等因素结合起来，为 Workspace One 交付的应用程序制定智能驱动的条件访问决策。 Vmware Workspace One Access存在授权问题漏洞，该漏洞是由于 OAuth2 ACS 框架中存在错误。远程攻击者可以绕过身份验证过程对应用程序进行访问。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	VMware Workspace ONE Access	Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0.	-

II. Public POCs for CVE-2022-22956

#	POC Description	Source Link	Shenlong Link
1	VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22956.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-22956

请登录查看更多情报信息。

Same Patch Batch · n/a · 2022-04-13 · 26 CVEs total

CVE-2022-27256		Hubzilla 输入验证错误漏洞
CVE-2021-43154		CMS Made Simple 跨站脚本漏洞
CVE-2022-27524		Autodesk AutoCAD 缓冲区错误漏洞
CVE-2022-27523		Autodesk AutoCAD 缓冲区错误漏洞
CVE-2022-22958		多款 VMware 产品代码问题漏洞
CVE-2022-22955		多款 VMware 产品授权问题漏洞
CVE-2022-22961		多款 VMware 产品信息泄露漏洞
CVE-2022-22959		多款 VMware 产品跨站请求伪造漏洞
CVE-2022-1280		Linux kernel 资源管理错误漏洞
CVE-2021-42136		REDCap 跨站脚本漏洞
CVE-2021-46167		WIZPLAT PD065 安全漏洞
CVE-2022-28052		Roothub 路径遍历漏洞
CVE-2022-26144		MantisBT 跨站脚本漏洞
CVE-2015-20107		Python 命令注入漏洞
CVE-2022-26643		Johnson Controls EasyIO CPT Graphics 安全漏洞
CVE-2021-43741		CMSimple 路径遍历漏洞
CVE-2021-43742		CMSimple 跨站脚本漏洞
CVE-2022-24308		Automox Alive Automox Agent 安全漏洞
CVE-2020-29653		Froxlor 跨站脚本漏洞
CVE-2022-27475		Hotel-Mgmt-System 跨站脚本漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: VMware Workspace ONE Access

Same vendor: n/a

V. Comments for CVE-2022-22956

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-22956

I. Basic Information for CVE-2022-22956

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2022-22956

III. Intelligence Information for CVE-2022-22956

Same Patch Batch · n/a · 2022-04-13 · 26 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-22956

Leave a comment