VMware has released an article related to VMSA-2022-0011 security vulnerabilities found in some of its products with the required patches for the fixes. The company states that those vulnerabilities are critical and the products need to be patched immediately.

Several products are affected

The affected products are VMware Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Suite Lifecycle Manager, VMware vRealize, Automation (vRA), and VMware Cloud Foundation. The critical vulnerabilities of these products include a server-side template injection remote code execution, two OAuth2 ACS authentication bypass vulnerabilities, and two JDBC injection remote code execution vulnerabilities. Here is the list of the critical vulnerabilities:

Buy Cheap VMWARE products license

  • CVE-2022-22954 (CVSS 9.8): VMware Workspace One Access and Identity Manager
  • CVE-2022-22955 (CVSS 9.8): VMware Workspace ONE Access
  • CVE-2022-22956 (CVSS 9.8): VMware Workspace ONE Access
  • CVE-2022-22957 (CVSS 9.1): VMware Workspace ONE Access, Identity Manager, and vRealize Automation
  • CVE-2022-22958 (CVSS 9.1): VMware Workspace ONE Access, Identity Manager, and vRealize Automation

In addition to the critical vulnerabilities, there are also a cross-site request forgery vulnerability, local privilege escalation vulnerability, and an information disclosure vulnerability, with CVSS scores ranging between 8.8 and 5.3. You can see their tracking codes and their severities below:

  • CVE-2022-22959 (CVSS: 8.8): VMware Workspace ONE Access, Identity Manager, and vRealize Automation
  • CVE-2022-22960 (CVSS: 7.8): VMware Workspace ONE Access, Identity Manager, and vRealize Automation
  • CVE-2022-22961 (CVSS: 5.3): VMware Workspace ONE Access, Identity Manager, and vRealize Automation

You can see the full list of the affected components below:

  • VMware Workspace ONE Access Appliance 21.08.0.1
  • VMware Workspace ONE Access Appliance 21.08.0.0
  • VMware Workspace ONE Access Appliance 20.10.0.1
  • VMware Workspace ONE Access Appliance 20.10.0.0
  • VMware Identity Manager Appliance 3.3.6
  • VMware Identity Manager Appliance 3.3.5
  • VMware Identity Manager Appliance 3.3.4
  • VMware Identity Manager Appliance 3.3.3
  • VMware Realize Automation 7.6

A workaround is available

Alongside the patches, VMware has also released a guide for a workaround for mitigating the risks. Here are the steps for the workaround procedure:

  • Login as sshuser, sudo to root-level access. 
  • Download and transfer the HW-154129-applyWorkaround.py script to the virtual appliance. VMware recommends SCP protocol to transfer the file to the appliance.
  • Navigate to the downloaded file path using the “cd” command. 
  • Run the Python script using the command below
python3 HW-154129-applyWorkaround.py

VMware

Quick search

cheap cpanel license
cheap license buy
cheap plesk license
cheap litespeed license

Recent Comments

    Telegram: @licenseman_net | If have any question make Contact with our agents | daily discount code : Show On Telegram Channel