VYPR
Unrated severity · NVD Advisory · Published Apr 13, 2022 · Updated Aug 3, 2024

CVE-2022-22959

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a CSRF vulnerability allowing an attacker to trick a user into validating a malicious JDBC URI.

Vulnerability

VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows a malicious actor to trick a user, through a CSRF attack, into unintentionally validating a malicious JDBC URI. Affected products include VMware Workspace ONE Access, Identity Manager (vIDM), vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. The vulnerability is identified as CVE-2022-22959 and is part of the VMSA-2022-0011 advisory [1].

Exploitation

An attacker can exploit this vulnerability by crafting a request that causes an authenticated user to unknowingly validate a malicious JDBC URI. The attack requires tricking the user into performing an action such as clicking a link or visiting a malicious page. The attacker needs no special network position beyond delivering the CSRF payload to the victim, but the user must be authenticated to the affected VMware product for the exploit to succeed [1].

Impact

Successful exploitation results in the validation of a malicious JDBC URI, which can lead to further compromise. The impact may include disclosure of sensitive information, potential execution of arbitrary SQL commands, or other malicious actions depending on the attacker's payload. The CVSSv3 score for this vulnerability ranges up to 9.8, indicating critical severity [1].

Mitigation

VMware has released patches to remediate this vulnerability. The fixed versions are available in the VMware advisory VMSA-2022-0011.2, updated on April 13, 2022. Users should apply the patches listed in the 'Fixed Version' column of the Resolution Matrix in the advisory. No workarounds were documented specifically for CVE-2022-22959 [1].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4


References

1
