VMware on Tuesday released updates to address 10 security flaws affecting several products that could be used by unauthenticated attackers to perform malicious activities.
CVE-2022-31656 to CVE-2022-31665
Issues tracked from CVE-2022-31656 to CVE-2022-31665 (CVSS Score: 4.7-9.8) affect VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager.
The most critical vulnerability is CVE-2022-31656 (CVSS Score: 9.8), an authentication bypass vulnerability affecting local domain users that could be exploited by an attacker with network access to gain administrative privileges.
VMware also fixed three remote code execution vulnerabilities (CVE-2022-31658, CVE-2022-31659 and CVE-2022-31665) related to JDBC and SQL injection that could be exploited by an attacker with administrator and network access.
Successful exploitation of CVE-2022-31657 makes it possible to redirect an authenticated user to an arbitrary domain, while CVE-2022-31662 could allow an attacker to read files without authorization.
Recommendation for VMware security flaws
Organizations should patch these vulnerabilities as soon as possible.