VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware identity_manager 3.3.3 |
||
vmware identity_manager 3.3.4 |
||
vmware identity_manager 3.3.5 |
||
vmware identity_manager 3.3.6 |
||
vmware vrealize_automation 7.6 |
||
vmware workspace_one_access 20.10.0.0 |
||
vmware workspace_one_access 20.10.0.1 |
||
vmware workspace_one_access 21.08.0.0 |
||
vmware workspace_one_access 21.08.0.1 |
||
vmware cloud foundation 4.0 |
||
vmware cloud foundation 4.0.1 |
||
vmware vrealize suite lifecycle manager 8.0 |
||
vmware vrealize suite lifecycle manager 8.0.1 |
||
vmware vrealize suite lifecycle manager 8.1 |
||
vmware vrealize suite lifecycle manager 8.2 |
||
vmware cloud foundation 3.0 |
||
vmware cloud foundation 3.0.1 |
||
vmware cloud foundation 3.0.1.1 |
||
vmware cloud foundation 3.5 |
||
vmware cloud foundation 3.5.1 |
||
vmware cloud foundation 3.7 |
||
vmware cloud foundation 3.7.1 |
||
vmware cloud foundation 3.7.2 |
||
vmware cloud foundation 3.8 |
||
vmware cloud foundation 3.8.1 |
||
vmware cloud foundation 3.9 |
||
vmware cloud foundation 3.9.1 |
||
vmware cloud foundation 3.10 |
||
vmware cloud foundation 4.1 |
||
vmware cloud foundation 4.2.1 |
||
vmware cloud foundation 4.1.0.1 |
||
vmware cloud foundation 3.11 |
||
vmware cloud foundation 3.10.1 |
||
vmware cloud foundation 3.10.1.1 |
||
vmware cloud foundation 3.10.1.2 |
||
vmware cloud foundation 3.10.2.1 |
||
vmware cloud foundation 3.10.2.2 |
||
vmware cloud foundation 4.3.1 |
||
vmware cloud foundation 4.3 |
||
vmware cloud foundation 4.2 |
||
vmware cloud foundation 3.11.0.1 |
||
vmware vrealize suite lifecycle manager 8.8 |
||
vmware vrealize suite lifecycle manager 8.7 |
||
vmware vrealize suite lifecycle manager 8.6 |
||
vmware vrealize suite lifecycle manager 8.6.1 |
||
vmware vrealize suite lifecycle manager 8.6.2 |
||
vmware vrealize suite lifecycle manager 8.4.1 |
||
vmware vrealize suite lifecycle manager 8.4 |
||
vmware vrealize suite lifecycle manager 8.3 |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Meanwhile, a security update for rsync What do you want on The Register?
VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products. That flaw is tracked as CVE-2022-31656, and affects VMware's Workspace ONE Access, Identity Manager, and vRealize Automation. It was addressed along with nine other security holes in this patch batch, published Tuesday. Here's the bottom line of the '31656 bug, according to VMware: "A malicious actor with network access to the UI may be able to o...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Critical authentication bypass revealed, older flaws under active attack
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems. The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can’t be applied. Of the two warnings, one highlights a critical authentication bypass vulnerability – CVE-2022-22972, rated ...