Time to Patch VMware Products Against a Critical New Vulnerability

A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.

Dark Reading Staff, Dark Reading

August 4, 2022

1 Min Read
bug on microchip to illustrate a software bug
Source: South West Images Scotland via Alamy

Several VMware products need to be patched against a critical flaw that would allow authentication bypass for on-premises implementations.

The latest VMware bug is being tracked under CVE-2022-31656 and has a CVSSv3 base score of 9.8, according to the company. 

The VMWare advisory reported the products affected include: 

  • VMware Workspace ONE Access (Access)

  • VMware Workspace ONE Access Connector (Access Connector)

  • VMware Identity Manager (vIDM)

  • VMware Identity Manager Connector (vIDM Connector)

  • VMware vRealize Automation (vRA)

  • VMware Cloud Foundation

  • vRealize Suite Lifecycle Manager

"It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments," the company warned in a security advisory. "If your organization uses ITIL methodologies for change management, this would be considered an 'emergency' change."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights