CVE-2022-31701
Description
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A broken authentication vulnerability in VMware Workspace ONE Access and Identity Manager could allow an attacker to perform a session takeover.
Vulnerability
A broken authentication vulnerability exists in VMware Workspace ONE Access (Access) and VMware Identity Manager (vIDM) [1]. Affected versions include VMware Workspace ONE Access prior to builds released in the VMSA-2022-0032 advisory, and VMware Identity Manager prior to the corresponding updates. The vulnerability is present in the authentication mechanism, potentially allowing a remote attacker to impersonate a legitimate user session without proper credentials [1]. The CVSSv3 base score is 5.3, classified as Moderate severity [1].
Exploitation
An attacker can exploit this vulnerability from a network position without requiring authentication or user interaction [1]. The specific conditions involve a flaw in the authentication handling that permits an attacker to send crafted requests to bypass the intended authentication check and assume another user's session. No write access or race condition is necessary; the attack is network-based and can be performed remotely [1].
Impact
Successful exploitation allows an attacker to perform a session takeover, gaining unauthorized access to the affected application with the privileges of the targeted user [1]. This can lead to information disclosure (confidentiality) and potential manipulation of data (integrity) depending on the user's permissions within Workspace ONE Access or Identity Manager. The impact is limited to the scope of the compromised user session [1].
Mitigation
VMware released updates to address this vulnerability on December 13, 2022, as part of VMSA-2022-0032 [1]. Users should apply the latest patches available for their impacted product (Workspace ONE Access, Identity Manager, or Cloud Foundation). No workarounds or mitigations are documented in the advisory; applying the update is the recommended remediation [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- VMware/Workspace ONE Access and Identity Manager
Patches
No patches discovered yet.