High Threat Security Alert (A22-04-09): Multiple Vulnerabilities in VMware Products

Description:

VMware has published security advisories to address multiple vulnerabilities in VMware products. The list of security updates can be found at:

• https://www.vmware.com/security/advisories/VMSA-2022-0011.html
• https://www.vmware.com/security/advisories/VMSA-2022-0012.html

Reports indicate that the vulnerabilities (CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957 and CVE-2022-22958) are at high risk of exploitation. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• VMware Cloud Foundation
• VMware Horizon Client for Linux
• VMware Identity Manager (vIDM)
• VMware vRealize Automation (vRA)
• VMware Workspace ONE Access (Access)
• vRealize Suite Lifecycle Manager

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could lead to remote code execution, cross-site request forgery, information disclosure, privilege escalation or security restriction bypass on the affected system.

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://www.vmware.com/security/advisories/VMSA-2022-0011.html
• https://www.vmware.com/security/advisories/VMSA-2022-0012.html
• https://www.hkcert.org/security-bulletin/vmware-products-multiple-vulnerabilities_20220407
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954 (to CVE-2022-22962)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22964