Security News > 2022 > August > VMware: Patch this critical vulnerability immediately! (CVE-2022-31656)

VMware: Patch this critical vulnerability immediately! (CVE-2022-31656)
2022-08-03 09:29

VMware has released fixes for ten vulnerabilities, including CVE-2022-31656, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation, which the company considers critical and advises to patch or mitigate immediately.

CVE-2022-31656 is an authentication bypass vulnerability affecting local domain users on VMware Workspace ONE Access, Identity Manager and vRealize Automation, that may allow an attacker with network access to the UI to obtain administrative access without the need to authenticate first.

"Given the prevalence of attacks targeting VMware vulnerabilities and a forthcoming proof-of-concept, organizations need to make patching CVE-2022-31656 a priority," says Claire Tills, senior research engineer at Tenable.

She also noted that "Early reports indicate that CVE-2022-31656 is actually a variant or patch bypass of CVE-2022-22972 which was patched in [May 2022]."

Petrus Viet, the researcher who discovered CVE-2022-31656, has also reported CVE-2022-31659, a SQL injection flaw that can be exploited to trigger a remote code execution.

Along with the security advisory, VMware has also published a FAQ document that enterprise admins should consult to make sure they apply patches or workarounds correctly.


News URL

https://www.helpnetsecurity.com/2022/08/03/cve-2022-31656/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-31659 SQL Injection vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability.
network
low complexity
vmware CWE-89
7.2
2022-08-05 CVE-2022-31656 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
9.8
2022-05-20 CVE-2022-22972 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
9.8