Vulnerabilities

Hot on the heels of the recent April 2022 VMware critical security advisory VMSA-2022-0011, which addressed eight CVEs within VMware Workspace ONE Access and VMware Identity Manager, VMware has released a new creitical security advisory VMSA-2022-0014. This advisory addresses two new security vulnerabilities (CVE-2022-22972 and CVE-2022-22973) in VMware Workspace ONE Access and VMware Identity Manager, with one rated as critical. Authentication Bypass Vulnerability - CVE-2022-22972 According to VMware, a malicious user with network access to the VMware Workspace ONE Access or VMware Identity Manager user interfaces may be able to obtain administrative access without needing to authenticate.

Just a heads up. VMware has published Security Advisory VMSA-2020-0002 (CVE-2020-3941), which details information regarding a race condition within VMware Tools 10.x.x that can allow a user to escalate their privileges on a Windows VM. This issue was assigned a CVSSv3 score of 7.8 and has the potential to affect many environments as it applies to all releases of VMware Tools 10. The vulnerability can be resolved by installing VMware Tools 11, but if you can’t upgrade to VMware Tools 11, a workaround is available in VMware KB76654.