Skip to main content

Access CVE-2022-31701

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2022-12-14 security@vmware.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 14, 2022 - 19:15 nvd
MEDIUM 5.3

DescriptionNVD

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

AnalysisAI

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. Affected products include: Vmware Access, Vmware Cloud Foundation, Vmware Identity Manager Connector.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

More in Access

View all
CVE-2013-3157 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2013-3155 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2013-3156 CRITICAL
9.3 Sep 11

Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary c

CVE-2015-2503 CRITICAL
9.3 Nov 11

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, P

CVE-2019-11898 CRITICAL
9.9 Sep 12

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. Rated cr

CVE-2019-18780 CRITICAL
9.8 Nov 05

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthentica

CVE-2017-6399 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2017-6406 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2017-6400 HIGH
8.8 Mar 02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Rated high severity (CVS

CVE-2020-0760 HIGH
8.8 Apr 15

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Micro

CVE-2025-26642 HIGH
7.8 Apr 08

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVS

CVE-2024-49142 HIGH
7.8 Dec 12

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentic

Share

CVE-2022-31701 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy