High Threat Security Alert (A22-05-10): Multiple Vulnerabilities in VMware Products


 

Published on: 19 May 2022

  
  

Description:

VMware has published a security advisory to address multiple vulnerabilities in VMware products. The list of security updates can be found at:

https://www.vmware.com/security/advisories/VMSA-2022-0014.html

Reports indicate that the vulnerabilities (CVE-2022-22972 and CVE-2022-22973) are at high risk of exploitation. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • VMware Cloud Foundation
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware vRealize Suite Lifecycle Manager
  • VMware Workspace ONE Access (Access)

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could lead to privilege escalation or security restriction bypass on the affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2022-0014.html
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/cisa-issues-emergency-directive-and-releases-advisory-related
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22972
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22973


Tag: VMware , VMware Cloud Foundation , VMware Identity Manager , VMware vRealize Automation , vRealize Suite Lifecycle Manager , VMware Workspace One Access
Tags