VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware identity_manager 3.3.3 |
||
vmware identity_manager 3.3.4 |
||
vmware identity_manager 3.3.5 |
||
vmware identity_manager 3.3.6 |
||
vmware workspace_one_access 20.10.0.0 |
||
vmware workspace_one_access 20.10.0.1 |
||
vmware workspace_one_access 21.08.0.0 |
||
vmware workspace_one_access 21.08.0.1 |
||
vmware cloud foundation 4.0 |
||
vmware cloud foundation 4.0.1 |
||
vmware vrealize suite lifecycle manager 8.0 |
||
vmware vrealize suite lifecycle manager 8.0.1 |
||
vmware vrealize suite lifecycle manager 8.1 |
||
vmware vrealize suite lifecycle manager 8.2 |
||
vmware cloud foundation 4.1 |
||
vmware cloud foundation 4.2.1 |
||
vmware cloud foundation 4.1.0.1 |
||
vmware cloud foundation 4.3.1 |
||
vmware cloud foundation 4.3 |
||
vmware cloud foundation 4.2 |
||
vmware vrealize suite lifecycle manager 8.8 |
||
vmware vrealize suite lifecycle manager 8.7 |
||
vmware vrealize suite lifecycle manager 8.6 |
||
vmware vrealize suite lifecycle manager 8.6.1 |
||
vmware vrealize suite lifecycle manager 8.6.2 |
||
vmware vrealize suite lifecycle manager 8.4.1 |
||
vmware vrealize suite lifecycle manager 8.4 |
||
vmware vrealize suite lifecycle manager 8.3 |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Critical authentication bypass revealed, older flaws under active attack
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems. The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can’t be applied. Of the two warnings, one highlights a critical authentication bypass vulnerability – CVE-2022-22972, rated ...