Cyber Resilience

CVE-2022-22960

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · LPE

Published: 13 April 2022

Modified: 30 October 2025
KEV Added: 15 April 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7249 (98.8th percentile)
Risk Priority: 79 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-22960 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in VMware Identity Manager. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2022-22960 is a privilege escalation vulnerability present in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. It arises from improper permissions in support scripts and is tracked under CWE-732, carrying a CVSS 3.1 base score of 7.8 for local attack vectors that require low complexity and low privileges.

An attacker with existing local access on an affected host can leverage the misconfigured scripts to elevate privileges to root, resulting in full compromise of confidentiality, integrity, and availability on the system.

Public references include the official VMware advisory VMSA-2022-0011 along with multiple exploit artifacts published on PacketStorm Security that demonstrate remote code execution and privilege escalation paths.

The associated EPSS score has remained elevated, with a current value of 0.7249 and a peak of 0.7266, reflecting ongoing exploitation interest after the April 2022 disclosure.

EU & UK References

Vulnerability details

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

CWE(s): CWE-732
KEV Date Added: 15 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product                          Affected versions
VMware   Cloud Foundation                 3.0 to 5.0
VMware   Identity Manager                 3.3.3, 3.3.4, 3.3.5, 3.3.6
VMware   vRealize Automation              7.6
VMware   vRealize Suite Lifecycle Manager 8.0 to 9.0
VMware   Workspace ONE Access             20.10.0.0, 20.10.0.1, 21.08.0.0, 21.08.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent (AC-6, Least Privilege): directly requires least-privilege permissions on support scripts so a local user cannot escalate to root.

Prevent (AC-3, Access Enforcement): enforces access-control policy on files and executables, blocking the improper permissions that enable local privilege escalation.

Prevent: mandates secure baseline configuration settings, including restrictive file permissions on privileged scripts.
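The controls above all come down to one verifiable property: no script that later runs with elevated rights may be writable by, or carry setuid/setgid bits for, an unprivileged local user. The following POSIX shell audit is an added example written for this page; it is not code from the page, from VMware, or from any advisory, and the directory name "support" and the sample files are constructed placeholders, not the real paths affected by CVE-2022-22960. It lists files under a given tree whose permissions violate CWE-732 hygiene, and exposes a count that can serve as a pass/fail gate in a baseline check.

```shell
#!/bin/sh
# Added example (not from the page or from VMware): audit a tree of
# "support scripts" for permission bits that let an unprivileged local
# user tamper with, or abuse, a file that later runs with higher rights
# (CWE-732). Flags files that are world-writable, group-writable, or
# that carry the setuid/setgid bits.

find_insecure_scripts() {
    dir="$1"
    # -perm -o+w   : others may write         -perm -g+w : group may write
    # -perm -4000  : setuid bit set           -perm -2000 : setgid bit set
    find "$dir" -type f \( -perm -o+w -o -perm -g+w -o -perm -4000 -o -perm -2000 \) -print | sort
}

# Number of findings; a non-zero result fails the baseline (secure configuration settings).
count_insecure_scripts() {
    find_insecure_scripts "$1" | wc -l | tr -d ' '
}

# Constructed demo tree: one correctly permissioned script and three that
# violate least privilege. The "support" directory name is a placeholder.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/support"
    printf '#!/bin/sh\necho ok\n' > "$d/support/safe.sh";    chmod 0755 "$d/support/safe.sh"
    printf '#!/bin/sh\necho ok\n' > "$d/support/world_w.sh"; chmod 0777 "$d/support/world_w.sh"
    printf '#!/bin/sh\necho ok\n' > "$d/support/group_w.sh"; chmod 0775 "$d/support/group_w.sh"
    printf '#!/bin/sh\necho ok\n' > "$d/support/setuid.sh";  chmod 4755 "$d/support/setuid.sh"
    echo "$d"
}

# Usage: sh audit.sh --demo   (builds the scratch tree, reports, cleans up)
#        sh audit.sh /path/to/scripts
if [ "${1:-}" = "--demo" ]; then
    t=$(demo_tree)
    find_insecure_scripts "$t"
    echo "findings: $(count_insecure_scripts "$t")"
    rm -rf "$t"
elif [ -n "${1:-}" ]; then
    find_insecure_scripts "$1"
    echo "findings: $(count_insecure_scripts "$1")"
fi
```

In the demo tree the audit reports `world_w.sh`, `group_w.sh` and `setuid.sh` and leaves `safe.sh` alone; the same `find` predicate is what a configuration-baseline job would run against the real script directory after patching, so that a future update that loosens permissions again is caught rather than discovered by an attacker.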

References