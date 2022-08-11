Admin access without a password – and that’s just one of the ten gaps for which VMware is bringing urgent updates.
VMware releases updates for a total of ten vulnerabilities in various products. One authentication bypass vulnerability (CVE-2022-31656) is particularly difficult: It allows an attacker administrative access without a password via the user interface of VMware Workspace ONE Access, Identity Manager and vRealize Automation. VMware itself explains in a blog post that it is “extremely important” to act quickly now to close the gaps.
he following products are specifically affected:
- VMware Workspace ONE Access (Access)
- VMware Workspace ONE Access Connector
- VMware Identity Manager (vIDM)
- VMware Identity Manager Connector (vIDM Connector)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
Users of the products should import the recommended updates as soon as possible. The VMware advisory VMSA-2022-0021 lists the individual gaps and the recommended measures for each.