SOCRadar® Cyber Intelligence Inc. | VMware Fixes Critical Vulnerabilities Including RCE and Authentication Bypass


Aug 03, 2022
3 Mins Read

VMware Fixes Critical Vulnerabilities Including RCE and Authentication Bypass

With the security update released Tuesday, VMware fixed ten vulnerabilities affecting some of its products. One is the authentication bypass vulnerability, which is critical with a CVSS score of 9.8. Three RCE vulnerabilities are also noteworthy.

The company warned its customers to apply the patches immediately.

The details of the vulnerabilities ranging from 4.7 to 9.8 CVSS scores are as follows:

  • CVE-2022-31656: Authentication Bypass (CVSS 9.8)
  • CVE-2022-31658: RCE (CVSS 8.0)
  • CVE-2022-31659: RCE (CVSS 8.0)
  • CVE-2022-31660: Local Privilege Escalation (CVSS 7.8)
  • CVE-2022-31661: Local Privilege Escalation (CVSS 7.8)
  • CVE-2022-31664: Local Privilege Escalation (CVSS 7.8)
  • CVE-2022-31665: RCE (CVSS 7.6)
  • CVE-2022-31657: URL Injection (CVSS 5.9)
  • CVE-2022-31662: Path Traversal (CVSS 5.3)
  • CVE-2022-31663: Cross-Site Scripting (CVSS 4.7)

How Do Vulnerabilities Affect?

The vulnerability with the highest CVSS score, code CVE-2022-31656, is an authentication bypass vulnerability that affects local domain users. This vulnerability affects the following VMware products:

  • VMware Workspace ONE Access
  • Identity Manager
  • vRealize Automation

A threat actor with access to the network can exploit this vulnerability to gain admin access. According to VMware’s statement, there is no evidence that this vulnerability has been exploited. While the firm acknowledges that this vulnerability bears similarities to a previously fixed vulnerability, it recommends applying the updates.

You can click here for workarounds for this vulnerability.

A JDBC injection RCE vulnerability, CVE-2022-31658, has a CVSS score of 8.0 and affects the following products:

  • VMware Workspace ONE Access
  • VMware Identity Manager
  • VMware vRealize Automation

Threat actors can RCE by exploiting this vulnerability when they have administrator or network access.

The SQL injection RCE vulnerability, CVE-2022-31659, can also be exploited by attackers with an administrator or network access, like the previous vulnerability. The products affected by this vulnerability are:

  • VMware Workspace ONE Access
  • VMware Identity Manager

You can find more detailed information about other vulnerabilities and which products they affect in VMware’s security advice. For detailed information about patches, you can click here.