CVE-2022-22972

CRITICAL EXPLOITED NUCLEI

Vmware Identity Manager - Authentication Bypass

Title source: rule

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Exploits (4)

nomisec WORKING POC 153 stars

by horizon3ai · remote

https://github.com/horizon3ai/CVE-2022-22972

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by xk4ng · poc

https://github.com/xk4ng/CVE-2022-22972

View Code ZIP pw:eip

nomisec WRITEUP

by bengisugun · poc

https://github.com/bengisugun/CVE-2022-22972-

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

remote

https://github.com/Schira4396/VcenterKiller

View Code ZIP pw:eip

Nuclei Templates (1)

VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass

CRITICALby For3stCo1d,princechaddha

Shodan: http.favicon.hash:-1250474341

FOFA:

app="vmware-Workspace-ONE-Access" || app="vmware-Identity-Manager" || app="vmware-vRealize" || icon_hash=-1250474341 || app="vmware-workspace-one-access" || app="vmware-identity-manager" || app="vmware-vrealize"

References (1)

[Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2022-0014.html

Scores

CVSS v3 9.8

EPSS 0.9362

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-08-12

Status published

Products (40)

vmware/cloud_foundation 3.0

vmware/cloud_foundation 3.0.1

vmware/cloud_foundation 3.0.1.1

vmware/cloud_foundation 3.5

vmware/cloud_foundation 3.5.1

vmware/cloud_foundation 3.7

vmware/cloud_foundation 3.7.1

vmware/cloud_foundation 3.7.2

vmware/cloud_foundation 3.8

vmware/cloud_foundation 3.8.1

... and 30 more

Published May 20, 2022

Tracked Since Feb 18, 2026