Follow Cyber Kendra on Google News! | WhatsApp | Telegram

VMware Patch Critical Authentication Bypass Vulnerability

Authentication bypass in VMware Workspace ONE Access, Identity Manager and vRealize Automation

VMware Patch Critical Authentication Bypass Vulnerability

VMware released the security advisory to address a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. The vulnerability can be exploited remotely and unauthenticated attackers can exploit the vulnerability to gain admin privileges.

The vulnerability has been rated critical and received a CVSS v3 base score of 9.8, impacting Workspace ONE Access, Identity Manager, and vRealize Automation products. 

The advisory reads - “A malicious actor with network access to the UI may obtain administrative access without needing to authenticate.

Additionally, VMware also released the fix for three remote code execution vulnerabilities and a couple of Local Privilege Escalation Vulnerability An authentication bypass means that an attacker with network access to Workspace ONE Access, VMware Identity Manager, and vRealize Automation can obtain administrator access. Remote code execution (RCE) means that an attacker can trick the components into executing commands that aren’t authorized. Privilege escalation means that an attacker with local access can become root on the virtual appliance. It is extremely important that users quickly take steps to patch or mitigate these issues in on-premises deployments.

Vulnerability Patched by VMware

CVE ID Vulnerability
CVE-2022-31657 URL Injection Vulnerability
CVE-2022-31658 JDBC Injection Remote Code Execution Vulnerability
CVE-2022-31659 SQL injection Remote Code Execution Vulnerability
CVE-2022-31660 Local Privilege Escalation Vulnerability
CVE-2022-31661 Local Privilege Escalation Vulnerability
CVE-2022-31662 Path traversal vulnerability
CVE-2022-31663 Cross-site scripting (XSS) vulnerability
CVE-2022-31664 Local Privilege Escalation Vulnerability
CVE-2022-31665 JDBC Injection Remote Code Execution Vulnerability

The above issues impact the following products:

  • VMware Workspace ONE Access (Access)
  • VMware Workspace ONE Access Connector (Access Connector)
  • VMware Identity Manager (vIDM)
  • VMware Identity Manager Connector (vIDM Connector)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

Post a Comment