Main Vulnerability Database SB2022080229

SB2022080229 - Authentication bypass in VMware Workspace ONE Access, Identity Manager and vRealize Automation

Published: August 2, 2022 Updated: August 10, 2022

Security Bulletin ID SB2022080229

Severity

Critical

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2022-31656)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in authentication process affecting local domain users. A remote non-authenticated attacker with access to the UI can bypass authentication process and gain administrative access to the system.

Remediation

Install update from vendor's website.

References

https://www.vmware.com/security/advisories/VMSA-2022-0021.html
https://core.vmware.com/vmsa-2022-0021-questions-answers-faq
https://kb.vmware.com/s/article/89096
https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd

SB2022080229 - Authentication bypass in VMware Workspace ONE Access, Identity Manager and vRealize Automation

Breakdown by Severity

Description

Remediation

References

Please verify you're human