On August 2, 2022 VMware released a critical security advisory, VMSA-2022-0021, that addresses security vulnerabilities found and resolved in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. VMware Identity Manager is also an optional external component that can provide authentication and authorization for other products, such as NSX, vRealize Operations, vRealize Log Insight, and vRealize Network Insight.
These vulnerabilities are authentication bypass, remote code execution, and privilege escalation vulnerabilities. An authentication bypass means that an attacker with network access to Workspace ONE Access, VMware Identity Manager, and vRealize Automation can obtain administrator access. Remote code execution (RCE) means that an attacker can trick the components into executing commands that aren’t authorized. Privilege escalation means that an attacker with local access can become root on the virtual appliance. It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments. If your organization uses ITIL methodologies for change management, this would be considered an “emergency” change. Information on patches and workarounds can be found in the VMware Security Advisory (link below).
As we have done in the past for critical security advisories, we are also maintaining a Frequently Asked Questions (FAQ) document for this advisory (link below) with additional self-service information and context.
Links
The VMware Security Advisory VMSA-2022-0021 can be found at:
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
Frequently Asked Questions about VMSA-2022-0014 can be found at:
https://via.vmw.com/vmsa-2022-0021-questions-answers-faq
You should sign up to get a proactive email when a new VMware Security Advisory is issued. Do that at:
http://lists.vmware.com/mailman/listinfo/security-announce
Thank You
Critical security advisories are often challenging situations, and unfortunately part of the IT landscape. In line with VMware’s product security policy, we value transparency so that customers can protect themselves as rapidly as possible. Your security is important to us; please subscribe to the VMware Security Advisory Mailing List for proactive notifications, review the VMSA and FAQ, and let your VMware account teams know if there are additional questions we can answer. Thank you.