On August 2, 2022, VMware posted advisory VMSA-2022-0021.1 indicating that they patched numerous privately reported vulnerabilities in several VMware products. On August 9, 2022, proof-of-concept exploit code was released by security researcher Petrus Viet targeting two vulnerabilities. The first, CVE-2022-31656, is a critical authentication bypass vulnerability for VMware Workspace ONE Access, Identity Manager, and vRealize Automation affecting local domain users. The second, CVE-2022-31659, is a Remote Code Execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager. While these vulnerabilities have not yet been exploited in the wild, patching these flaws would be considered an emergency change for any organization that use ITIL methodologies for change management.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.