On August 2, 2022, VMware posted advisory VMSA-2022-0021.1 indicating that they patched numerous privately reported vulnerabilities in several VMware products. On August 9, 2022, proof-of-concept exploit code was released by security researcher Petrus Viet targeting two vulnerabilities. The first, CVE-2022-31656, is a critical authentication bypass vulnerability for VMware Workspace ONE Access, Identity Manager, and vRealize Automation affecting local domain users. The second, CVE-2022-31659, is a Remote Code Execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager. While these vulnerabilities have not yet been exploited in the wild, patching these flaws would be considered an emergency change for any organization that use ITIL methodologies for change management.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in