Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | VMware Fixes Critical Vulnerabilities Including RCE and Authentication Bypass
Table Of Content
Home

Resources

Blog
Aug 03, 2022
3 Mins Read

VMware Fixes Critical Vulnerabilities Including RCE and Authentication Bypass

With the security update released Tuesday, VMware fixed ten vulnerabilities affecting some of its products. One is the authentication bypass vulnerability, which is critical with a CVSS score of 9.8. Three RCE vulnerabilities are also noteworthy.

The company warned its customers to apply the patches immediately.

The details of the vulnerabilities ranging from 4.7 to 9.8 CVSS scores are as follows:

  • CVE-2022-31656: Authentication Bypass (CVSS 9.8)
  • CVE-2022-31658: RCE (CVSS 8.0)
  • CVE-2022-31659: RCE (CVSS 8.0)
  • CVE-2022-31660: Local Privilege Escalation (CVSS 7.8)
  • CVE-2022-31661: Local Privilege Escalation (CVSS 7.8)
  • CVE-2022-31664: Local Privilege Escalation (CVSS 7.8)
  • CVE-2022-31665: RCE (CVSS 7.6)
  • CVE-2022-31657: URL Injection (CVSS 5.9)
  • CVE-2022-31662: Path Traversal (CVSS 5.3)
  • CVE-2022-31663: Cross-Site Scripting (CVSS 4.7)

How Do Vulnerabilities Affect?

The vulnerability with the highest CVSS score, code CVE-2022-31656, is an authentication bypass vulnerability that affects local domain users. This vulnerability affects the following VMware products:

  • VMware Workspace ONE Access
  • Identity Manager
  • vRealize Automation

A threat actor with access to the network can exploit this vulnerability to gain admin access. According to VMware’s statement, there is no evidence that this vulnerability has been exploited. While the firm acknowledges that this vulnerability bears similarities to a previously fixed vulnerability, it recommends applying the updates.

You can click here for workarounds for this vulnerability.

A JDBC injection RCE vulnerability, CVE-2022-31658, has a CVSS score of 8.0 and affects the following products:

  • VMware Workspace ONE Access
  • VMware Identity Manager
  • VMware vRealize Automation

Threat actors can RCE by exploiting this vulnerability when they have administrator or network access.

The SQL injection RCE vulnerability, CVE-2022-31659, can also be exploited by attackers with an administrator or network access, like the previous vulnerability. The products affected by this vulnerability are:

  • VMware Workspace ONE Access
  • VMware Identity Manager

You can find more detailed information about other vulnerabilities and which products they affect in VMware’s security advice. For detailed information about patches, you can click here.

Related Articles
SOCRadar® Cyber Intelligence Inc. | OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
Apr 18, 2024
SOCRadar® Cyber Intelligence Inc. | CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Apr 16, 2024