VMware Urgent Patch

by Artie Kaye

A critical vulnerability was discovered and has a patch available for many of VMware’s products.  The affected programs and versions are below:

VMware Workspace ONE Access Appliance   

VMware Workspace ONE Access Appliance 

VMware Identity Manager Appliance & Connector 3.3.6 

VMware Identity Manager Appliance & Connector 3.3.5 

VMware Identity Manager Appliance & Connector 3.3.4 

VMware Identity Manager Connector 

The vulnerability allows for authentication bypass, which could give an attacker administrative access.  If you are using any of these products, VMware highly recommends immediate action.  Please see their advisory linked below.

The flaw is listed as CVE-2022-31656.