Security News > 2022 > August > VMware urges admins to patch critical auth bypass bug immediately

VMware urges admins to patch critical auth bypass bug immediately
2022-08-02 14:51

VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.

"This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA," VMware warned.

VMware provides patch download links and detailed installation instructions on its knowledgebase website.

VMware doesn't recommend using this workaround and says the only way to address the CVE-2022-31656 auth bypass flaw fully is to patch the vulnerable products.

"While the decision to patch or use the workaround is yours, VMware always strongly recommends patching as the simplest and most reliable way to resolve this type of issue."

In May, VMware patched an almost identical critical vulnerability, another authentication bypass bug found by Bruno López of Innotec Security in Workspace ONE Access, VMware Identity Manager, and vRealize Automation.


News URL

https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch-critical-auth-bypass-bug-immediately/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-31656 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591