
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-22961 is an information disclosure vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation products. The vulnerability was disclosed on April 6, 2022, and was assigned a CVSS v3.1 base score of 5.3 (Moderate severity). The affected products include VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager (VMware Advisory).
The vulnerability occurs because the affected systems return excess information. It has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it can be exploited over the network with low attack complexity, requires no privileges or user interaction, and affects only confidentiality at a low level (NIST NVD).
The primary impact of this vulnerability is the potential disclosure of system information. Specifically, successful exploitation can leak the hostname of the target system, which attackers could use for targeting victims (CERT-EU).
VMware has released patches to address this vulnerability and recommends applying these updates as listed in the 'Fixed Version' column of their Resolution Matrix. The patches are available through VMware's Knowledge Base article KB88099. While workarounds may be available, VMware emphasizes that patching is the most reliable solution (VMware Advisory).
Source: This report was generated using AI