VMware Issues Patches for Several New Flaws Impacting Multiple Products

VMware released security patches on Tuesday to address ten security flaws affecting multiple products that could be exploited by unauthorized attackers to perform malicious actions. These issues had earlier been reported by Petrus VietSpencer McIntyre,  Steven Seeley, and Tom Tervoort 

The issues, which affect VMware Workspace ONE Access, VMware Workspace ONE Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, are tracked as CVE-2022-31656CVE-2022-31657CVE-2022-31658CVE-2022-31659CVE-2022-31660CVE-2022-31661CVE-2022-31662CVE-2022-31663CVE-2022-31664CVE-2022-31665.

The most severe issue is CVE-2022-31656 (CVSS score: 9.8), an authentication bypass vulnerability that affects local domain users and might be exploited by a malicious actor with network access to obtain administrative access without the need to authenticate.

Three remote code execution flaws related to JDBC and SQL injection (CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665) that might be exploited by malicious actors with administrator and network access have also been fixed by VMware.

CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665

Additionally, it has also fixed a reflected cross-site scripting (XSS) vulnerability (CVE-2022-31663) that was caused by poor user sanitization and might have activated malicious JavaScript code, according to the company.

Other patches include three local privilege escalation bugs (CVE-2022-31660, CVE-2022-31664, and CVE-2022-31661 ), a URL injection vulnerability (CVE-2022-31657), and a path traversal bug. These bugs allow an actor with local access to escalate privileges to “root” (CVE-2022-31662).

While CVE-2022-31657 can allow an authenticated user to be redirected to any domain, CVE-2022-31662 gives an attacker the ability to read files in an unauthorized way.

Although VMware claimed to be unaware of any actual usage of these vulnerabilities, it urged users of the affected products to apply patches promptly to reduce potential threats.

114 thoughts on “VMware Issues Patches for Several New Flaws Impacting Multiple Products”

  1. I blog often and I really thank you for your information. Your article has truly peaked my interest.
    I am going to take a note of your site and keep checking for new details
    about once per week. I subscribed to your RSS feed as
    well.

  2. Good day! Do you know if they make any plugins to help with Search Engine Optimization? I’m trying to
    get my blog to rank for some targeted keywords but I’m not
    seeing very good results. If you know of any
    please share. Appreciate it!

  3. Attractive part of content. I just stumbled upon your web site and
    in accession capital to claim that I acquire in fact
    enjoyed account your weblog posts. Anyway
    I will be subscribing in your feeds or even I success
    you get entry to persistently rapidly.

  4. I do not know whether it’s just me or if everybody else encountering problems with your
    site. It appears as though some of the text on your
    content are running off the screen. Can somebody else please comment and let me know if this is happening to them as well?

    This might be a problem with my browser because I’ve had this happen before.
    Kudos

  5. Pingback: madison james research tadalafil reviews

  6. Pingback: can i hire someone to write my essay

  7. Pingback: admission essay help

  8. Pingback: best websites for essays

  9. Pingback: custom written essay

  10. Pingback: cheap essay writers

  11. Pingback: cheap custom essay

  12. Pingback: cheap law essay writing service

  13. Pingback: prescription without a doctor's prescription

  14. Pingback: tadalafil tablets 5mg

  15. Pingback: purchase viagra online australia

  16. Pingback: cialis 20 mg coupon

  17. hello there and thank you for your information – I have definitely picked up anything new from right here.
    I did however expertise a few technical issues using this website, since
    I experienced to reload the web site many times previous to I could get it to load properly.
    I had been wondering if your web host is OK? Not that I am complaining, but sluggish loading instances
    times will very frequently affect your placement in google and can damage your high
    quality score if ads and marketing with Adwords.

    Well I’m adding this RSS to my email and could look out for much more of your respective interesting content.
    Make sure you update this again soon.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top