VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware cloud_foundation |
||
vmware identity_manager 3.3.3 |
||
vmware identity_manager 3.3.4 |
||
vmware identity_manager 3.3.5 |
||
vmware identity_manager 3.3.6 |
||
vmware vrealize_automation |
||
vmware vrealize_automation 7.6 |
||
vmware vrealize_suite_lifecycle_manager |
||
vmware workspace_one_access 20.10.0.0 |
||
vmware workspace_one_access 20.10.0.1 |
||
vmware workspace_one_access 21.08.0.0 |
||
vmware workspace_one_access 21.08.0.1 |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Critical authentication bypass revealed, older flaws under active attack
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems. The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can’t be applied. Of the two warnings, one highlights a critical authentication bypass vulnerability – CVE-2022-22972, rated ...