cve/2022/CVE-2022-31657.md

### [CVE-2022-31657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31657)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workspace%20ONE%20Access%2C%20Identity%20Manager%20and%20vRealize%20Automation&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=VMware%20Workspace%20ONE%20Access%20and%20Identity%20Manager%20contain%20a%20URL%20injection%20vulnerability&color=brighgreen)

### Description

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

### POC

#### Reference
- https://www.vmware.com/security/advisories/VMSA-2022-0021.html

#### Github
No PoCs found on GitHub currently.