Headline
CVE-2022-31658: VMSA-2022-0021
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Advisory ID: VMSA-2022-0021.1
CVSSv3 Range: 4.7-9.8
Issue Date: 2022-08-02
Updated On: 2022-08-09
CVE(s): CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665
Synopsis: VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.
Share this page on social media
Sign up for Security Advisories
****1. Impacted Products****
- VMware Workspace ONE Access (Access)
- VMware Workspace ONE Access Connector (Access Connector)
- VMware Identity Manager (vIDM)
- VMware Identity Manager Connector (vIDM Connector)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
****2. Introduction****
Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.
****3a. Authentication Bypass Vulnerability (CVE-2022-31656)****
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
To remediate CVE-2022-31656, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
Workarounds for CVE-2022-31656 have been documented in the VMware Knowledge Base articles listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.
VMware has confirmed malicious code that can exploit CVE-2022-31656 in impacted products is publicly available.
VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.
****3b. JDBC Injection Remote Code Execution Vulnerability (CVE-2022-31658)****
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.
A malicious actor with administrator and network access can trigger a remote code execution.
To remediate CVE-2022-31658, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.
****3c. SQL injection Remote Code Execution Vulnerability (CVE-2022-31659)****
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.
A malicious actor with administrator and network access can trigger a remote code execution.
To remediate CVE-2022-31659, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware has confirmed malicious code that can exploit CVE-2022-31659 in impacted products is publicly available.
VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.
****3d. Local Privilege Escalation Vulnerability (CVE-2022-31660, CVE-2022-31661)****
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. VMware has evaluated the severity of these issues to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
A malicious actor with local access can escalate privileges to 'root’.
To remediate CVE-2022-31660 and CVE-2022-31661 apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware would like to thank Spencer McIntyre of Rapid7 for reporting these issues to us.
****3e. Local Privilege Escalation Vulnerability (CVE-2022-31664)****
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
A malicious actor with local access can escalate privileges to 'root’.
To remediate CVE-2022-31664, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware would like to thank Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute for reporting this issue to us.
****3f. JDBC Injection Remote Code Execution Vulnerability (CVE-2022-31665)****
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.6.
A malicious actor with administrator and network access can trigger a remote code execution.
To remediate CVE-2022-31665, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware would like to thank Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute for reporting this issue to us.
****3g. URL Injection Vulnerability (CVE-2022-31657)****
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.
A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
To remediate CVE-2022-31657, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware would like to thank Tom Tervoort of Secura for reporting this issue to us.
****3h. Path traversal vulnerability (CVE-2022-31662)****
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. VMware has evaluated the severity of this issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
A malicious actor with network access may be able to access arbitrary files.
To remediate CVE-2022-31662, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.
****3i. Cross-site scripting (XSS) vulnerability (CVE-2022-31663)****
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issues to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.
Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window.
To remediate CVE-2022-31663, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
VMware would like to thank PetrusViet (a member of VNG Security) for reporting this issue to us.
Response Matrix - Access 21.08.x
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31656
9.8
critical
KB89096
KB89084
FAQ
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31658
8.0
important
KB89096
None
FAQ
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31659
8.0
important
KB89096
None
FAQ
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31660, CVE-2022-31661
7.8
important
KB89096
None
FAQ
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31664
7.8
important
KB89096
None
FAQ
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31665
7.6
important
KB89096
None
FAQ
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31657
5.9
moderate
KB89096
None
FAQ
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31662
5.3
moderate
KB89096
None
FAQ
Access
21.08.0.1, 21.08.0.0
Linux
CVE-2022-31663
4.7
moderate
KB89096
None
FAQ
Response Matrix - Identity Manager 3.3.x
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31656
9.8
critical
KB89096
KB89084
FAQ
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31658
8.0
important
KB89096
None
FAQ
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31659
8.0
important
KB89096
None
FAQ
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31660, CVE-2022-31661
7.8
important
KB89096
None
FAQ
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31664
7.8
important
KB89096
None
FAQ
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31665
7.6
important
KB89096
None
FAQ
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31657
5.9
moderate
KB89096
None
FAQ
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31662
5.3
moderate
KB89096
None
FAQ
vIDM
3.3.6, 3.3.5, 3.3.4
Linux
CVE-2022-31663
4.7
moderate
KB89096
None
FAQ
Response Matrix - Connectors
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
Access Connector
22.05
Windows
CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665
N/A
N/A
Unaffected
N/A
N/A
Access Connector
21.08.0.1, 21.08.0.0
Windows
CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665
N/A
N/A
Unaffected
N/A
N/A
vIDM Connector
3.3.6, 3.3.5, 3.3.4
Windows
CVE-2022-31662
5.3
moderate
KB89096
None
FAQ
vIDM Connector
3.3.6, 3.3.5, 3.3.4
Windows
CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665
N/A
N/A
Unaffected
N/A
N/A
vIDM Connector
19.03.0.1
Windows
CVE-2022-31662
5.3
moderate
KB89096
None
FAQ
vIDM Connector
19.03.0.1
Windows
CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665
N/A
N/A
Unaffected
N/A
N/A
Response Matrix - vRealize Automation (vIDM)
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
vRealize Automation [1]
8.x
Linux
CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665
N/A
N/A
Unaffected
N/A
N/A
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31656
9.8
critical
KB89096
KB89084
FAQ
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31658
8.0
important
KB89096
None
FAQ
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31659
8.0
important
KB89096
None
FAQ
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31660, CVE-2022-31661
7.8
important
KB89096
None
FAQ
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31664
7.8
important
KB89096
None
FAQ
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31665
7.6
important
KB89096
None
FAQ
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31657
5.9
moderate
KB89096
None
FAQ
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31662
5.3
moderate
KB89096
None
FAQ
vRealize Automation (vIDM) [2]
7.6
Linux
CVE-2022-31663
4.7
moderate
KB89096
None
FAQ
[1] vRealize Automation 8.x is unaffected since it does not use embedded vIDM. If vIDM has been deployed with vRA 8.x, fixes should be applied directly to vIDM.
[2] vRealize Automation 7.6 is affected since it uses embedded vIDM.
Impacted Product Suites that Deploy vIDM
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
VMware Cloud Foundation (vIDM)
4.4.x, 4.3.x, 4.2.x
Any
CVE-2022-31656
9.8
critical
KB89096
KB89084
FAQ
VMware Cloud Foundation (vIDM)
4.4.x, 4.3.x, 4.2.x
Any
CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31657, CVE-2022-31662, CVE-2022-31663
8.0, 8.0, 7.8, 7.8, 7.8, 7.6, 5.9, 5.3, 4.7
important
KB89096
None
FAQ
vRealize Suite Lifecycle Manager (vIDM)
8.x
Any
CVE-2022-31656
9.8
critical
KB89096
KB89084
FAQ
vRealize Suite Lifecycle Manager (vIDM)
8.x
Any
CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31657, CVE-2022-31662, CVE-2022-31663
8.0, 8.0, 7.8, 7.8, 7.8, 7.6, 5.9, 5.3, 4.7
important
KB89096
None
FAQ
Impacted Product Suites that Deploy vRA
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
VMware Cloud Foundation (vRA)
3.x
Any
CVE-2022-31656
9.8
critical
KB89096
KB89084
FAQ
VMware Cloud Foundation (vRA)
3.x
Any
CVE-2022-31658, CVE-2022-31660, CVE-2022-31661, CVE-2022-31664, CVE-2022-31665, CVE-2022-31662, CVE-2022-31663
8.0, 7.8, 7.8, 7.8, 7.6, 5.3, 4.7
important
KB89096
None
FAQ
VMware Cloud Foundation (vRA)
3.x
Any
CVE-2022-31659
N/A
N/A
Unaffected
N/A
N/A
VMware Cloud Foundation (vRA)
3.x
Any
CVE-2022-31657
N/A
N/A
Unaffected
N/A
N/A
****4. References****
****5. Change Log****
**2022-08-02: VMSA-2022-0021
**Initial security advisory.
2022-08-09: VMSA-2022-0021.1
Updated advisory with information that VMware has confirmed malicious code that can exploit CVE-2022-31656 and CVE-2022-31659 in impacted products is publicly available.
****6. Contact****
Related news
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
Plus: Chrome patches another zero-day flaw, Microsoft closes up 100 vulnerabilities, Android gets a significant patch, and more.
A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.
VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a password.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Tags: CVSS Tags: rce Tags: vmware In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. (Read more...) The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager