CVE-2022-22960

CISA KEV

Published April 15, 2022 · Updated April 3, 2026

high

Official Description+

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

Affected Products

Vendor	Product
VMware	Multiple Products

Patch Status

Patch by 2022-05-06

Recommended Actions

Check if your systems use any of the affected products listed above.
Apply vendor patches immediately if available.
This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
Monitor vendor advisories for updates and additional mitigations.
Review logs for indicators of compromise related to CVE-2022-22960.