VMware releases security patch to fix flaws in multiple products

CVE-2022-22954

Today, VMware has released a security update to address multiple vulnerabilities in VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. An attacker could exploit some of these vulnerabilities to escalate privileges to the root user, gain access to the hostnames of the target systems, and remotely execute arbitrary code, effectively taking control of an affected system.

The details are below:

  • CVE-2022-22954 (CVSS score: 9.8) – Server-side template injection remote code execution vulnerability affecting VMware Workspace ONE Access and Identity Manager
  • CVE-2022-22955 & CVE-2022-22956 (CVSS scores: 9.8) – OAuth2 ACS authentication bypass vulnerabilities in VMware Workspace ONE Access
  • CVE-2022-22957 & CVE-2022-22958 (CVSS scores: 9.1) – JDBC injection remote code execution vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
  • CVE-2022-22959 (CVSS score: 8.8) – Cross-site request forgery (CSRF) vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
  • CVE-2022-22960 (CVSS score: 7.8) – Local privilege escalation vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation, and
  • CVE-2022-22961 (CVSS score: 5.3) – Information disclosure vulnerability impacting VMware Workspace ONE Access, Identity Manager, and vRealize Automation

VMware warned, “This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious. All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to mitigate risk, so customers must make their own decisions on how to proceed. However, given the severity of the vulnerability, we strongly recommend immediate action.”

VMware is not aware of accounts compromised by exploiting these vulnerabilities.