If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680
If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680

VMware Vulnerabilities Patches

Vulnerabilities in VMWARE allow internal attackers to gain unauthenticated administrative access to the entire company’s infrastructure.

Who is affected: Anyone using: VMware Workspace ONE Access (Access) VMware Identity Manager (vIDM) VMware vRealize Automation (vRA) VMware Cloud Foundation vRealize Suite Lifecycle Manager

Authentication Bypass Vulnerability (CVE-2022-22972)
* VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
* A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

 Local Privilege Escalation Vulnerability (CVE-2022-22973)
* VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
* A malicious actor with local access can escalate privileges to ‘root’.


Install KB88438 for fix

Facebook
Twitter
LinkedIn
Pinterest

Related Posts