May 19, 2022
VMware Patches Critical Authentication Bypass Vulnerability
VMware has patched a critical vulnerability that may allow attackers to obtain administrative access without authenticating.
- CVE-2022-22972 (CVSS 3.1: 9.8, Critical): A malicious actor with network access to the UI may be able to obtain administrative access without authentication.
Affected products:
- VMware Workspace ONE Access (Access).
- VMware Identity Manager (vIDM).
- VMware vRealize Automation (vRA).
- VMware Cloud Foundation.
- VMware vRealize Suite Lifecycle Manager.
Please visit the official advisory for a list of affected versions.
CYREBRO recommends patching all relevant products to mitigate the vulnerability. For a list of available patches and possible workarounds, please refer to the ‘Response Matrix’ section in the official advisory.
References: VMware Advisory.