CVE-2022-31658

Vulnerability

CVE-2022-31658 is a remote code execution vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerability exists in the built-in application lifecycle management functionality. A malicious actor with administrator and network access can trigger a remote code execution. Affected versions include various releases of these products; see the advisory [1] for exact version ranges.

Exploitation

An attacker needs administrator privileges and network access to the affected system. The attacker can send crafted requests to the vulnerable component, leading to arbitrary code execution. No user interaction is required beyond the initial admin access.

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the affected service, typically leading to full compromise of the impacted system and potential lateral movement within the environment.

Mitigation

VMware has released security updates to address this vulnerability. The fixed versions are listed in the advisory [1]. Users should apply the patches immediately. No workarounds are known; upgrading to the patched version is the only mitigation.