VMware Urgent Patch


by Artie Kaye

A critical vulnerability was discovered and has a patch available for many of VMware’s products.  The affected programs and versions are below:

VMware Workspace ONE Access Appliance  21.08.0.1   

VMware Workspace ONE Access Appliance  21.08.0.0 

VMware Identity Manager Appliance & Connector 3.3.6 

VMware Identity Manager Appliance & Connector 3.3.5 

VMware Identity Manager Appliance & Connector 3.3.4 

VMware Identity Manager Connector 19.03.0.1 

The vulnerability allows for authentication bypass, which could give an attacker administrative access.  If you are using any of these products, VMware highly recommends immediate action.  Please see their advisory linked below.

The flaw is listed as CVE-2022-31656.

https://www.vmware.com/security/advisories/VMSA-2022-0021.html

https://kb.vmware.com/s/article/89096

https://www.bleepingcomputer.com/news/security/vmware-urges-admins-to-patch-critical-auth-bypass-bug-immediately/

https://www.securityweek.com/vmware-ships-urgent-patch-authentication-bypass-security-hole