by Artie Kaye
A critical vulnerability was discovered and has a patch available for many of VMware’s products. The affected programs and versions are below:
VMware Workspace ONE Access Appliance 21.08.0.1
VMware Workspace ONE Access Appliance 21.08.0.0
VMware Identity Manager Appliance & Connector 3.3.6
VMware Identity Manager Appliance & Connector 3.3.5
VMware Identity Manager Appliance & Connector 3.3.4
VMware Identity Manager Connector 19.03.0.1
The vulnerability allows for authentication bypass, which could give an attacker administrative access. If you are using any of these products, VMware highly recommends immediate action. Please see their advisory linked below.
The flaw is listed as CVE-2022-31656.
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
https://kb.vmware.com/s/article/89096
https://www.securityweek.com/vmware-ships-urgent-patch-authentication-bypass-security-hole