Affected Systems: VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, vRealize Suite Lifecycle Manager
Date Discovered: 2nd August 2022
Description:
On the 2nd of August 2022, VMware released a critical security advisory addressing vulnerabilities that allow for authentication bypass, remote code execution, and privilege escalation, among others.
The advisory, VMSA-2022-0021, mainly focuses on the new vulnerability CVE-2022-31656, which allows authentication bypass and affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. Because this vulnerability can allow threat actors with access to the network to gain administrator access without authentication, VMware has declared the issue to be of critical severity, giving it a CVSSv3 base score of 9.8.
Additionally, VMware published information on nine other new CVEs affecting its services. These new vulnerabilities allow for remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665), local privilege escalation (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664), URL injection (CVE-2022-31657), path traversal (CVE-2022-31662), and cross-site scripting (CVE-2022-31663).
The impacted VMware products include:
Preventions:
Applying the latest security patches to these systems as soon as possible can prevent these new vulnerabilities from being exploited on your system. VMware has released download links and installation instructions for all affected versions here. A Q&A post that answers some common questions relating to this advisory can be found here.
Related Links:
https://www.vmware.com/security/advisories/VMSA-2022-0021.html – Released 2nd August
https://blogs.vmware.com/security/2022/08/vmsa-2022-0021-what-you-need-to-know.html – Posted 2nd August