On April 6, 2022 VMware released VMSA-2022-0011, a critical advisory addressing security vulnerabilities found and resolved in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. VMware Identity Manager is also an optional external component that can provide authentication and authorization for other products, such as NSX, vRealize Operations, vRealize Log Insight, and vRealize Network Insight. The security of our customers is a top priority at VMware and we strongly urge customers to assess and remediate all instances of Workspace ONE Access and VMware Identity Manager in your environment.
These vulnerabilities are unauthenticated remote code execution vulnerabilities, meaning that if an attacker can reach these products over the network, they can gain unauthorized access. It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments. If your organization uses ITIL methodologies for change management, this would be considered an “emergency” change. Information on patches and workarounds can be found in the VMware Security Advisory, VMSA-2022-0011 itself (link below).
As we have done in the past for critical security advisories, we are also keeping a Frequently Asked Questions (FAQ) document alongside the VMware Security Advisory itself (link below).
This vulnerability has already been fully resolved for customers of Workspace ONE hosted services and VMware Cloud hosted services, as part of the shared responsibility model. No further action is needed by customers to protect workloads in those environments.
Links & Resources
The VMware Security Advisory VMSA-2022-0011 can be found at:
Frequently Asked Questions about VMSA-2022-0011 can be found at:
You should sign up to get an email when a new VMSA is released, or an existing VMSA is updated. You can do that at:
We also have terrific resources for security, regulatory compliance, and ransomware resilience. Check them out at https://techzone.vmware.com, https://core.vmware.com/security, and https://core.vmware.com/ransomware.
Critical security advisories are often challenging situations and unfortunately part of the landscape of IT. In line with VMware’s product security policy, we value transparency so that customers can protect themselves as rapidly as possible. Please subscribe to the VMware Security Advisory Mailing List for proactive notifications, review the FAQ document, and let your VMware account teams know if there are additional questions we can answer. Thank you.