Multiple Vulnerabilities in VMware Products

VMware released patches to address multiple vulnerabilities found in VMware products, including a critical vulnerability with a CVSSv3 base score of 9.8. Based on the advisory, a temporary workaround has been released that works for the critical vulnerability(CVE-2022-31656) and it does not cover the other issues.

______________________________

A. Nature of the Vulnerabilities

CVE-2022-31656 (Authentication Bypass Vulnerability)

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVE-2022-31657 (URL Injection Vulnerability)

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

CVE-2022-31658 (JDBC Injection Remote Code Execution Vulnerability)

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.

CVE-2022-31659 (SQL injection Remote Code Execution Vulnerability)

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.0.

CVE-2022-31660, CVE-2022-31661 (Local Privilege Escalation Vulnerability)

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. VMware has evaluated the severity of these issues to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

CVE-2022-31662(Path traversal vulnerability)

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

CVE-2022-31663(Cross-site scripting (XSS) vulnerability)

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.

CVE-2022-31664 (Local Privilege Escalation Vulnerability)

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

CVE-2022-31665 (JDBC Injection Remote Code Execution Vulnerability)

______________________________

B. Affected Products

VMware Workspace ONE Access (Access)
VMware Workspace ONE Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

______________________________

C. Actions to be Taken

CERT-PH encourages all VMware users/administrators to review the advisory (VMSA-2022-0021) and apply the necessary updates to mitigate future threats.
Regularly check and apply the latest patch of software, especially to public-facing applications.
Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
In addition, providing and capacitating employees with cybersecurity knowledge and information to minimize the attack surface.
For additional information, kindly refer to the official advisory:
- <https://www.vmware.com/security/advisories/VMSA-2022-0021.html>
- <https://blogs.vmware.com/security/2022/08/vmsa-2022-0021-what-you-need-to-know.html>