Critical VMware updates available

The urgent updates fix ten vulnerabilities for VMware products.

The available VMware updates are extremely important. One vulnerability allows access without a password and this is just one of the ten vulnerabilities for which VMware is bringing urgent updates.

The authentication bypass vulnerability CVE-2022-31656 is particularly critical. It allows an attacker access without a password via the user interface of VMware Workspace ONE Access, Identity Manager and vRealize Automation. VMware itself explains in a blog post that it is extremely important to act quickly now to close the gap.

The following products are affected by the vulnerabilities:

  • VMware Workspace ONE Access (Access)
  • VMware Workspace ONE Access Connector
  • VMware Identity Manager (vIDM)
  • VMware Identity Manager Connector (vIDM Connector)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

Users of the products should import the recommended updates as soon as possible. The VMware advisory VMSA-2022-0021 lists the individual gaps and the recommended measures for each.

about author