QID 376773
QID 376773: VMware Identity Manager (vIDM) Connector Multiple Vulnerabilities (VMSA-2022-0021)
VMware released VMSA-2022-0021, a critical advisory addressing security vulnerabilities found and resolved in VMware Workspace ONE Access (Access) and VMware Identity Manager (vIDM).
Affected Versions:
VMware Identity Manager (vIDM) versions 3.3.6, 3.3.5, and 3.3.4
QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of VMware Identity Manager and VMware Workspace ONE Access by reading the build version on the target, and checks for the presence of the patch.
Successful exploitation of these vulnerabilities may result in:
1. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
2. A malicious actor with administrator and network access can trigger a remote code execution.
3. A malicious actor with local access can escalate privileges to 'root'.
4. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
5. A malicious actor with network access may be able to access arbitrary files and
6. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.
Refer to VMware advisory VMSA-2022-0021:
- VMSA-2022-0021: www.vmware.com/security/advisories/VMSA-2022-0021.html
CVEs related to QID 376773
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| VMSA-2022-0021 | | | |