VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
vmware identity_manager 3.3.3 |
||
vmware vrealize_automation 7.6 |
||
vmware identity_manager 3.3.4 |
||
vmware identity_manager 3.3.5 |
||
vmware identity_manager 3.3.6 |
||
vmware workspace_one_access 20.10.0.1 |
||
vmware workspace_one_access 20.10.0.0 |
||
vmware workspace_one_access 21.08.0.1 |
||
vmware workspace_one_access 21.08.0.0 |
||
vmware cloud foundation 4.0 |
||
vmware cloud foundation 4.0.1 |
||
vmware vrealize suite lifecycle manager 8.0 |
||
vmware vrealize suite lifecycle manager 8.0.1 |
||
vmware vrealize suite lifecycle manager 8.1 |
||
vmware vrealize suite lifecycle manager 8.2 |
||
vmware cloud foundation 3.0 |
||
vmware cloud foundation 3.0.1 |
||
vmware cloud foundation 3.0.1.1 |
||
vmware cloud foundation 3.5 |
||
vmware cloud foundation 3.5.1 |
||
vmware cloud foundation 3.7 |
||
vmware cloud foundation 3.7.1 |
||
vmware cloud foundation 3.7.2 |
||
vmware cloud foundation 3.8 |
||
vmware cloud foundation 3.8.1 |
||
vmware cloud foundation 3.9 |
||
vmware cloud foundation 3.9.1 |
||
vmware cloud foundation 3.10 |
||
vmware cloud foundation 3.10.1 |
||
vmware cloud foundation 3.10.1.1 |
||
vmware cloud foundation 3.10.1.2 |
||
vmware cloud foundation 3.10.2.1 |
||
vmware cloud foundation 3.10.2.2 |
||
vmware cloud foundation 3.11 |
||
vmware cloud foundation 4.1 |
||
vmware cloud foundation 4.1.0.1 |
||
vmware cloud foundation 4.2.1 |
||
vmware cloud foundation 4.3 |
||
vmware cloud foundation 4.3.1 |
||
vmware cloud foundation 3.11.0.1 |
||
vmware cloud foundation 4.2 |
||
vmware vrealize suite lifecycle manager 8.3 |
||
vmware vrealize suite lifecycle manager 8.4 |
||
vmware vrealize suite lifecycle manager 8.4.1 |
||
vmware vrealize suite lifecycle manager 8.6 |
||
vmware vrealize suite lifecycle manager 8.6.1 |
||
vmware vrealize suite lifecycle manager 8.6.2 |
||
vmware vrealize suite lifecycle manager 8.7 |
||
vmware vrealize suite lifecycle manager 8.8 |
Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges.
VMware
to address the CVE-2022-22972 flaw affecting Workspace ONE Access, VMware Identity Manager (vIDM), or vRealize Automation.
The company also shared temporary workarounds for admins who cannot patch vulnerable appliances immediately,
them to disable all users except one ...
Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products.
Identified as CVE-2022-22972, the security issue
last Wednesday, accompanied by an urgent warning for administrators to install the patch or apply mitigations immediately.
In an advisory on May 18th, VMware warned that the security implications for leaving CVE-2022-22972 unpatched are severe as the issue is "...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Critical authentication bypass revealed, older flaws under active attack
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.
The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can’t be applied.
Of the two warnings, one highlights a critical authentication bypass vulnerability – CVE-2022-2...
VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges.
The flaw (tracked as CVE-2022-22972) was reported by Bruno López of Innotec Security, who found that it impacts Workspace ONE Access, VMware Identity Manager (vIDM), and vRealize Automation.
"A malicious actor with network access to the UI may be able to obtain administrative access wit...
The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch (FCEB) agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 22-03 on Wednesday after VMware
(CVE-2022-22972 and CVE-2022-22973) today, auth bypass and a local privilege escalation affecting multiple products.
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Meanwhile, a security update for rsync What do you want on The Register?
VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products.
That flaw is tracked as CVE-2022-31656, and affects VMware's Workspace ONE Access, Identity Manager, and vRealize Automation. It was addressed along with nine other security holes in this patch batch, published Tuesday.
Here's the bottom line of the '31656 bug, according to VMware: "A malicious actor with network access to the UI may ...
Vulmon