CVE-2022-22955: 
Workspace ONE Access Connector vulnerability analysis and mitigation

CVE-2022-22955 is one of two authentication bypass vulnerabilities discovered in VMware Workspace ONE Access's OAuth2 ACS framework. The vulnerability was disclosed on April 13, 2022, and affects multiple versions of VMware Workspace ONE Access, including versions 20.10.0.0, 20.10.0.1, 21.08.0.0, and 21.08.0.1 running on Linux systems (VMware Advisory).

The vulnerability has been assigned a Critical severity rating with a CVSS v3.1 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability exists in the OAuth2 ACS framework implementation, where exposed endpoints in the authentication framework could be exploited (NVD).

A successful exploitation of this vulnerability allows a malicious actor to bypass the authentication mechanism and execute any operation within the system due to exposed endpoints in the authentication framework (VMware Advisory).

VMware has released patches to address this vulnerability. Organizations are advised to apply the patches listed in the 'Fixed Version' column of the Resolution Matrix. Workarounds have been documented in VMware Knowledge Base articles for affected systems (VMware Advisory).