CVE-2022-31665: 
VMware Identity Manager Connector (Windows) vulnerability analysis and mitigation

CVE-2022-31665 is a JDBC Injection Remote Code Execution vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. The vulnerability was discovered and reported by Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute and was disclosed on July 31, 2022. VMware has evaluated this vulnerability with a CVSSv3 base score of 7.6, categorizing it as 'Important' severity (VMware Advisory).

The vulnerability is a remote code execution flaw that exists in the JDBC implementation of affected VMware products. It has been assigned a CVSSv3 base score of 7.6, indicating significant severity. The vulnerability affects multiple versions of VMware products including Workspace ONE Access (versions 21.08.0.1, 21.08.0.0), Identity Manager (versions 3.3.6, 3.3.5, 3.3.4), and vRealize Automation 7.6 running on Linux systems (VMware Advisory).

If successfully exploited, this vulnerability allows a malicious actor with administrator and network access to trigger remote code execution on affected systems (VMware Advisory, Hacker News).

VMware has released patches to address this vulnerability. Affected users should apply the patches listed in the 'Fixed Version' column of the Resolution Matrix, which can be found in KB89096. No workarounds are available for this vulnerability, making patch application the only remediation option (VMware Advisory).