Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Vulnerabilities in VMware Products
Alerts

Vulnerabilities in VMware Products

19 May 2022

VMware has released security updates to address vulnerabilities in multiple VMware products:

  • VMware Cloud Foundation

  • VMware Identity Manager (vIDM)

  • vRealize Suite Lifecycle Manager

  • VMware vRealize Automation (vRA)

  • VMware Workspace ONE Access (Access)

The vulnerabilities are:

  • CVE-2022-22972: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. An attacker with network access to the user interface (UI) may be able to obtain administrative access without the need for authentication.

  • CVE-2022-22973: VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. An attacker with local access can escalate privileges to 'root'.

Administrators of the affected products are advised to upgrade to the latest versions immediately.

More information is available here:

https://www.vmware.com/security/advisories/VMSA-2022-0014.html

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/cisa-issues-emergency-directive-and-releases-advisory-related


Back to top