VMware has released a security update to address a critical vulnerability (CVE-2022-31656) in several VMware products.
Successful exploitation of this authentication bypass vulnerability may allow an unauthenticated attacker with network access to a local domain user's user interface (UI) to gain administrative privileges. Affected products include VMware Workspace ONE Access, Identity Manager and vRealize Automation.
Administrators and users of affected products are advised to upgrade to the latest version immediately. Patch instructions released by VMware can be found here
More information is available here: