Issued: Thursday, 4 August, 2022
Last Revision: Thursday, 4 August, 2022
Vendor:
Product:
Severity Level:
VMware has released security updates for multiple products, including VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, to address multiple critical and important vulnerabilities.
CVE-2022-31656 is highly susceptible to exploitation.
In these products, a remote attacker with access to the corresponding user interface might gain administrator access without authentication by exploiting CVE-2022-31656.
Furthermore, this vulnerability can be used as the starting point of an attack chain to exploit two remote code execution (RCE) vulnerabilities, CVE-2022-31658 and CVE-2022-31659, which VMware fixed in this release along with other vulnerabilities.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-31656 | Authentication Bypass Vulnerability | 9.8 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) | Affected Versions | Fixed Versions |
CVE-2022-31656 | VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0 | https://kb.vmware.com/s/article/89096 |
CVE-2022-31656 | Identity Manager | 3.3.6, 3.3.5, 3.3.4 | https://kb.vmware.com/s/article/89096 |
CVE-2022-31656 | vRealize Automation | 7.6 | |
CVE-2022-31656 | VMware Cloud Foundation (vIDM) | 4.4.x, 4.3.x, 4.2.x | |
CVE-2022-31656 | vRealize Suite Lifecycle Manager (vIDM) | 8.x | |
CVE-2022-31656 | VMware Cloud Foundation (vRA) | 3.x | |
Table 2: Vulnerable versions
Updates have already been made available for all the products in the “Affected Products” table, covering multiple versions with point releases.
Organizations are encouraged to mitigate the Authentication Bypass Vulnerability CVE-2022-31656, along with the other vulnerabilities fixed in this release, by applying the vendor-provided fix.
