CVE-2022-22972

Statement on CVE-2022-22972 VMware Vulnerabilities

July 15, 2022

Information

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Severity

Low

Response

Melissa Data Corporation (“Melissa”) was not impacted by the VMware vulnerabilities as Melissa does not utilize any of the impacted VMware products.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.

If you have any additional questions, please contact Melissa’s Compliance department at Compliance@melissa.com.