VMware Releases Patches for Several New Flaws Affecting Multiple Products
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions.
The most severe of the flaws is CVE-2022-31656, an authentication bypass vulnerability affecting local domain users that could be leveraged by a bad actor with network access to obtain administrative access.
Also resolved by VMware are three remote code execution vulnerabilities related to JDBC and SQL injection that could be weaponized by an adversary with administrator and network access.
Elsewhere, it has also remediated a reflected cross-site scripting vulnerability that it said is a result of improper user sanitization, which could lead to the activation of malicious JavaScript code.
Rounding off the patches are three local privilege escalation bugs that permit an actor with local access to escalate privileges to "Root," a URL injection vulnerability, and a path traversal bug.
VMware said it's not aware of the exploitation of these vulnerabilities in the wild, but urged customers using the vulnerable products to apply the patches immediately to mitigate potential threats.
News URL
https://thehackernews.com/2022/08/vmware-releases-patches-for-several-new.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-05 | CVE-2022-31656 | Unspecified vulnerability in VMware products: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |