Time to Patch VMware Products Against a Critical New Vulnerability
A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.
![bug on microchip to illustrate a software bug bug on microchip to illustrate a software bug](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blta96242eb6b6b4682/64f17598d9762e6e75230227/software_bug_South_West_Images_Scotland_Alamy.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
Several VMware products need to be patched against a critical flaw that would allow authentication bypass for on-premises implementations.
The latest VMware bug is being tracked under CVE-2022-31656 and has a CVSSv3 base score of 9.8, according to the company.
The VMWare advisory reported the products affected include:
VMware Workspace ONE Access (Access)
VMware Workspace ONE Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager
"It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments," the company warned in a security advisory. "If your organization uses ITIL methodologies for change management, this would be considered an 'emergency' change."
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024