Vulnerabilities in VMware Products

Published on 19 May 2022

Updated on 19 May 2022

VMware has released security updates to address vulnerabilities in multiple VMware products:

  • VMware Cloud Foundation
  • VMware Identity Manager (vIDM)
  • vRealize Suite Lifecycle Manager
  • VMware vRealize Automation (vRA)
  • VMware Workspace ONE Access (Access)

The vulnerabilities are:

  • CVE-2022-22972: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. An attacker with network access to the user interface (UI) may be able to obtain administrative access without the need for authentication.
  • CVE-2022-22973: VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. An attacker with local access can escalate privileges to 'root'.

Administrators of the affected products are advised to upgrade to the latest versions immediately.

More information is available here:
  • https://www.vmware.com/security/advisories/VMSA-2022-0014.html
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/cisa-issues-emergency-directive-and-releases-advisory-related