VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware identity_manager 3.3.4 |
||
vmware identity_manager 3.3.5 |
||
vmware identity_manager 3.3.6 |
||
vmware one_access 21.08.0.0 |
||
vmware one_access 21.08.0.1 |
||
vmware access_connector 21.08.0.0 |
||
vmware access_connector 21.08.0.1 |
||
vmware access_connector 22.05 |
||
vmware identity_manager_connector 3.3.4 |
||
vmware identity_manager_connector 3.3.5 |
||
vmware identity_manager_connector 3.3.6 |
||
vmware identity_manager_connector 19.03.0.1 |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Meanwhile, a security update for rsync What do you want on The Register?
VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products. That flaw is tracked as CVE-2022-31656, and affects VMware's Workspace ONE Access, Identity Manager, and vRealize Automation. It was addressed along with nine other security holes in this patch batch, published Tuesday. Here's the bottom line of the '31656 bug, according to VMware: "A malicious actor with network access to the UI may be able to o...