VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
2022-08-03 00:26

VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products.

The critical vulnerability is similar to, or perhaps even a variant or patch bypass of, an earlier critical authentication bypass vulnerability that also rated 9.8 in severity and that VMware fixed back in May. Shortly after that update was issued, CISA demanded that US government agencies pull the plug on affected VMware products if patches couldn't be applied.

While the virtualization giant isn't aware of any in-the-wild exploits of the newer vulnerability, "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments," VMware warned in an advisory.

Like the critical vuln, which can be used in tandem with these two RCE bugs, both affect VMware Workspace ONE Access, Identity Manager and vRealize Automation products.

While these three VMware vulns deserve top patching priority, there are some other nasty bugs in the bunch.

VMware disclosed another RCE vuln in VMware Workspace ONE Access, Identity Manager and vRealize Automation.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/03/vmware_critical_authentication_bypass/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 83 403 201 103 790