CVE-2022-31701: 
NixOS vulnerability analysis and mitigation

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability identified as CVE-2022-31701. The vulnerability was disclosed on December 13, 2022, and affects multiple versions of VMware Workspace ONE Access (when running on Linux) and VMware Identity Manager version 3.3.6. VMware has evaluated this vulnerability with a CVSSv3 base score of 5.3, categorizing it in the Moderate severity range (VMware Advisory).

The vulnerability is classified as a broken authentication issue in the affected VMware products. It has been assigned a CVSSv3 base score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating network accessibility with low attack complexity and no privileges required (VMware Advisory).

The vulnerability exposes an unauthenticated endpoint that could allow a malicious actor with network access to obtain system information. Successful exploitation of this issue can lead to targeting victims (VMware Advisory).

VMware has released patches to address this vulnerability. For VMware Workspace ONE Access version 22.09.0.0, users should upgrade to version 22.09.1.0. For versions 21.08.0.1 and 21.08.0.0, users should apply the fixes detailed in KB90399. VMware Identity Manager users should also apply the patches specified in KB90399. No workarounds are available, making patch installation the only remediation option (VMware Advisory).