N/A

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

N/A

N/A

Vmware Workspace One Access 授权问题漏洞

Vmware Workspace One Access是美国Vmware公司的将用户身份与设备和网络信息等因素结合起来，为 Workspace One 交付的应用程序制定智能驱动的条件访问决策。 Vmware Workspace One Access存在授权问题漏洞，该漏洞是由于 OAuth2 ACS 框架中存在错误。远程攻击者可以绕过身份验证过程对应用程序进行访问。

N/A

N/A