Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-31658: VMSA-2022-0021

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

CVE
#sql#xss#vulnerability#windows#linux#java#rce#vmware#auth

Advisory ID: VMSA-2022-0021.1

CVSSv3 Range: 4.7-9.8

Issue Date: 2022-08-02

Updated On: 2022-08-09

CVE(s): CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

Synopsis: VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.

Share this page on social media

Sign up for Security Advisories

****1. Impacted Products****

  • VMware Workspace ONE Access (Access)
  • VMware Workspace ONE Access Connector (Access Connector)
  • VMware Identity Manager (vIDM)
  • VMware Identity Manager Connector (vIDM Connector)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

****2. Introduction****

Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.

****3a. Authentication Bypass Vulnerability (CVE-2022-31656)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

To remediate CVE-2022-31656, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

Workarounds for CVE-2022-31656 have been documented in the VMware Knowledge Base articles listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

VMware has confirmed malicious code that can exploit CVE-2022-31656 in impacted products is publicly available.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

****3b. JDBC Injection Remote Code Execution Vulnerability (CVE-2022-31658)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.

A malicious actor with administrator and network access can trigger a remote code execution.

To remediate CVE-2022-31658, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

****3c. SQL injection Remote Code Execution Vulnerability (CVE-2022-31659)****

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.

A malicious actor with administrator and network access can trigger a remote code execution.

To remediate CVE-2022-31659, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

VMware has confirmed malicious code that can exploit CVE-2022-31659 in impacted products is publicly available.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

****3d. Local Privilege Escalation Vulnerability (CVE-2022-31660, CVE-2022-31661)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. VMware has evaluated the severity of these issues to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

A malicious actor with local access can escalate privileges to 'root’.

To remediate CVE-2022-31660 and CVE-2022-31661 apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

VMware would like to thank Spencer McIntyre of Rapid7 for reporting these issues to us.

****3e. Local Privilege Escalation Vulnerability (CVE-2022-31664)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

A malicious actor with local access can escalate privileges to 'root’.

To remediate CVE-2022-31664, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

VMware would like to thank Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute for reporting this issue to us.

****3f. JDBC Injection Remote Code Execution Vulnerability (CVE-2022-31665)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.6.

A malicious actor with administrator and network access can trigger a remote code execution.

To remediate CVE-2022-31665, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

VMware would like to thank Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute for reporting this issue to us.

****3g. URL Injection Vulnerability (CVE-2022-31657)****

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

To remediate CVE-2022-31657, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

VMware would like to thank Tom Tervoort of Secura for reporting this issue to us.

****3h. Path traversal vulnerability (CVE-2022-31662)****

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. VMware has evaluated the severity of this issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

A malicious actor with network access may be able to access arbitrary files.

To remediate CVE-2022-31662, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

****3i. Cross-site scripting (XSS) vulnerability (CVE-2022-31663)****

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issues to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.

Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window.

To remediate CVE-2022-31663, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.

Response Matrix - Access 21.08.x

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31658

8.0

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31659

8.0

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31660, CVE-2022-31661

7.8

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31664

7.8

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31665

7.6

important

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31657

5.9

moderate

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

Access

21.08.0.1, 21.08.0.0

Linux

CVE-2022-31663

4.7

moderate

KB89096

None

FAQ

Response Matrix - Identity Manager 3.3.x

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31658

8.0

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31659

8.0

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31660, CVE-2022-31661

7.8

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31664

7.8

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31665

7.6

important

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31657

5.9

moderate

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

vIDM

3.3.6, 3.3.5, 3.3.4

Linux

CVE-2022-31663

4.7

moderate

KB89096

None

FAQ

Response Matrix - Connectors

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Access Connector

22.05

Windows

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

Access Connector

21.08.0.1, 21.08.0.0

Windows

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

vIDM Connector

3.3.6, 3.3.5, 3.3.4

Windows

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

vIDM Connector

3.3.6, 3.3.5, 3.3.4

Windows

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

vIDM Connector

19.03.0.1

Windows

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

vIDM Connector

19.03.0.1

Windows

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

Response Matrix - vRealize Automation (vIDM)

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

vRealize Automation [1]

8.x

Linux

CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665

N/A

N/A

Unaffected

N/A

N/A

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31658

8.0

important

KB89096

None

FAQ

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31659

8.0

important

KB89096

None

FAQ

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31660, CVE-2022-31661

7.8

important

KB89096

None

FAQ

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31664

7.8

important

KB89096

None

FAQ

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31665

7.6

important

KB89096

None

FAQ

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31657

5.9

moderate

KB89096

None

FAQ

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31662

5.3

moderate

KB89096

None

FAQ

vRealize Automation (vIDM) [2]

7.6

Linux

CVE-2022-31663

4.7

moderate

KB89096

None

FAQ

[1] vRealize Automation 8.x is unaffected since it does not use embedded vIDM. If vIDM has been deployed with vRA 8.x, fixes should be applied directly to vIDM.
[2] vRealize Automation 7.6 is affected since it uses embedded vIDM.

Impacted Product Suites that Deploy vIDM

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

VMware Cloud Foundation (vIDM)

4.4.x, 4.3.x, 4.2.x

Any

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

VMware Cloud Foundation (vIDM)

4.4.x, 4.3.x, 4.2.x

Any

CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31657, CVE-2022-31662, CVE-2022-31663

8.0, 8.0, 7.8, 7.8, 7.8, 7.6, 5.9, 5.3, 4.7

important

KB89096

None

FAQ

vRealize Suite Lifecycle Manager (vIDM)

8.x

Any

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

vRealize Suite Lifecycle Manager (vIDM)

8.x

Any

CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31657, CVE-2022-31662, CVE-2022-31663

8.0, 8.0, 7.8, 7.8, 7.8, 7.6, 5.9, 5.3, 4.7

important

KB89096

None

FAQ

Impacted Product Suites that Deploy vRA

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

VMware Cloud Foundation (vRA)

3.x

Any

CVE-2022-31656

9.8

critical

KB89096

KB89084

FAQ

VMware Cloud Foundation (vRA)

3.x

Any

CVE-2022-31658, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31662, CVE-2022-31663

8.0, 7.8, 7.8, 7.8, 7.6, 5.3, 4.7

important

KB89096

None

FAQ

VMware Cloud Foundation (vRA)

3.x

Any

CVE-2022-31659

N/A

N/A

Unaffected

N/A

N/A

VMware Cloud Foundation (vRA)

3.x

Any

CVE-2022-31657

N/A

N/A

Unaffected

N/A

N/A

****4. References****

****5. Change Log****

**2022-08-02: VMSA-2022-0021
**Initial security advisory.

2022-08-09: VMSA-2022-0021.1

Updated advisory with information that VMware has confirmed malicious code that can exploit CVE-2022-31656 and CVE-2022-31659 in impacted products is publicly available.

****6. Contact****

Related news

CVE-2023-33653: Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.

Time to Patch VMware Products Against a Critical New Vulnerability

A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.

VMware Workspace ONE Access Privilege Escalation

VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a password.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

Update now! VMWare patches critical vulnerabilities in several products

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Update now! VMWare patches critical vulnerabilities in several products

Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907