VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products.
The critical vulnerability is similar to, or perhaps even a variant or patch bypass of, an earlier critical authentication bypass vulnerability that was also rated 9.8 in severity and that VMware fixed back in May. Shortly after that update was issued, CISA demanded that US government agencies pull the plug on affected VMware products if patches couldn't be applied.
While the virtualization giant isn't aware of any in-the-wild exploits of the newer vulnerability, "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments," VMware warned in an advisory.
Like the critical vuln, which can be used in tandem with these two RCE bugs, both affect VMware Workspace ONE Access, Identity Manager and vRealize Automation products.
While these three VMware vulns deserve top patching priority, there are some other nasty bugs in the bunch.
VMware disclosed another RCE vuln in VMware Workspace ONE Access, Identity Manager and vRealize Automation.