Critical VMware updates available
The urgent updates fix ten vulnerabilities for VMware products.
The available VMware updates are extremely important. One vulnerability allows access without a password and this is just one of the ten vulnerabilities for which VMware is bringing urgent updates.
The authentication bypass vulnerability CVE-2022-31656 is particularly critical. It allows an attacker access without a password via the user interface of VMware Workspace ONE Access, Identity Manager and vRealize Automation. VMware itself explains in a blog post that it is extremely important to act quickly now to close the gap.
The following products are affected by the vulnerabilities:
- VMware Workspace ONE Access (Access)
- VMware Workspace ONE Access Connector
- VMware Identity Manager (vIDM)
- VMware Identity Manager Connector (vIDM Connector)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
Users of the products should import the recommended updates as soon as possible. The VMware advisory VMSA-2022-0021 lists the individual gaps and the recommended measures for each.