VMware Patches Critical Authentication Bypass Vulnerability

May 19, 2022 

VMware has patched a critical vulnerability that may allow attackers to obtain administrative access without authenticating.

The Vulnerability

  • CVE-2022-22972 (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication.

Affected Products

  • VMware Workspace ONE Access (Access). 
  • VMware Identity Manager (vIDM). 
  • VMware vRealize Automation (vRA). 
  • VMware Cloud Foundation. 
  • VMware vRealize Suite Lifecycle Manager. 

Please visit the official advisory for a list of affected versions. 

Mitigation

CYREBRO recommends patching all relevant products to mitigate the vulnerability. For a list of available patches and possible workarounds, please refer to the ‘Response Matrix’ section in the official advisory. 

References: VMware Advisory.
