VMware: Patch this critical vulnerability immediately! (CVE-2022-31656)

VMware has released fixes for ten vulnerabilities, including CVE-2022-31656, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. The company considers it critical and advises customers to patch or mitigate it immediately.

CVE-2022-31656 affects local domain users on VMware Workspace ONE Access, Identity Manager and vRealize Automation, and may allow an attacker with network access to the UI to obtain administrative access without authenticating first.

“Given the prevalence of attacks targeting VMware vulnerabilities and a forthcoming proof-of-concept, organizations need to make patching CVE-2022-31656 a priority,” says Claire Tills, senior research engineer at Tenable.

She also noted that “Early reports indicate that CVE-2022-31656 is actually a variant or patch bypass of CVE-2022-22972 which was patched in [May 2022].”

Petrus Viet, the researcher who discovered CVE-2022-31656, has also reported CVE-2022-31659, a SQL injection flaw that can be exploited to trigger remote code execution.

Along with the security advisory, VMware has also published a FAQ document that enterprise admins should consult to make sure they apply patches or workarounds correctly.
