Critical Vulnerability in VMware Products

Published on 03 Aug 2022

Updated on 03 Aug 2022

VMware has released a security update to address a critical vulnerability (CVE-2022-31656) in several VMware products.

Successful exploitation of this authentication bypass vulnerability may allow an unauthenticated attacker with network access to a local domain user's user interface (UI) to gain administrative privileges. Affected products include VMware Workspace ONE Access, Identity Manager and vRealize Automation.

Administrators and users of affected products are advised to upgrade to the latest version immediately. Patch instructions released by VMware can be found here.

More information is available here:
https://www.vmware.com/security/advisories/VMSA-2022-0021.html