Authentication bypass in VMware Workspace ONE Access, Identity Manager and vRealize Automation

1) Improper Authentication

EUVDB-ID: #VU65957

Risk: Critical

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-31656

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in authentication process affecting local domain users. A remote non-authenticated attacker with access to the UI can bypass authentication process and gain administrative access to the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Workspace ONE Access: 21.08.0.0 - 21.08.0.1

VMware Identity Manager: 3.3.4 - 3.3.6

Aria Automation (formerly vRealize Automation): 7.6

vRealize Suite Lifecycle Manager: 8.0 - 8.4.1 Patch 2

Cloud Foundation: 4.2 - 4.4

External links

http://www.vmware.com/security/advisories/VMSA-2022-0021.html
http://core.vmware.com/vmsa-2022-0021-questions-answers-faq
http://kb.vmware.com/s/article/89096
http://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.