Security News > 2022 > April > VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products
VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks.
Credited with reporting all the vulnerabilities is Steven Seeley of Qihoo 360 Vulnerability Research Institute.
CVE-2022-22954 - Server-side template injection remote code execution vulnerability affecting VMware Workspace ONE Access and Identity Manager.
CVE-2022-22957 & CVE-2022-22958 - JDBC injection remote code execution vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation.
"This critical vulnerability should be patched or mitigated immediately," VMware said in an alert.
While the virtualization services provider noted that it has not seen any evidence that the vulnerabilities have been exploited in the wild, it's highly recommended to apply the patches to remove potential threats.
News URL
https://thehackernews.com/2022/04/vmware-releases-critical-patches-for.html
Related news
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-13 | CVE-2022-22958 | Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | 7.2 |
| 2022-04-13 | CVE-2022-22957 | Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | 7.2 |
| 2022-04-11 | CVE-2022-22954 | Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 9.8 |