CVE-2022-31658: 
Workspace ONE Access Connector vulnerability analysis and mitigation

CVE-2022-31658 is a JDBC Injection Remote Code Execution vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerability was discovered by PetrusViet, a member of VNG Security, and was publicly disclosed on July 31, 2022. VMware evaluated this vulnerability with a CVSSv3 base score of 8.0, categorizing it as 'Important' severity (VMware Advisory).

The vulnerability is classified as a remote code execution vulnerability with a CVSSv3 base score of 8.0. The technical assessment indicates that successful exploitation requires both administrator and network access to the affected systems. The vulnerability specifically relates to JDBC injection, which could allow code execution in the context of the affected VMware products (VMware Advisory).

If successfully exploited, this vulnerability enables a malicious actor with administrator and network access to trigger remote code execution on the affected systems. The vulnerability affects multiple versions of VMware products including Workspace ONE Access 21.08.0.0 and 21.08.0.1, Identity Manager 3.3.4 through 3.3.6, and certain versions of vRealize Automation (VMware Advisory).

VMware has released patches to address this vulnerability. Organizations are advised to apply the patches listed in the 'Fixed Version' column of the Resolution Matrix in VMware's security advisory. No workarounds are available for this vulnerability, making patch application the only effective mitigation strategy (VMware Advisory).