Patches out for serious vulnerabilities in several VMware products

Date: 2022-08-03

Authentication bypass and remote code execution bugs fixed.

VMware has released patches for multiple vulnerabilities, one of which is deemed critical, with a Common Vulnerability Scoring System (CVSS) version 3 rating of 9.8 out of 10.

The critical bug allows attackers with network access to the user interface to get administrative access without authentication. 

Three VMware products - Workspace ONE Access, Identity Manager and vRealize Automation - are vulnerable and require patching for the vulnerability, which was found by Petrus Viet of VNG Security.

Viet also found a remote code execution vulnerability in the same products, affecting the Java database connectivity (JDBC) driver they all use.

An attacker could use the flaw, with a CVSSv3 score of 8.0 and VMware rating of 'important', to run code remotely.

The attacker would need administrative and network access, however.

It is also possible to remotely attack Workspace ONE Access and Identity Manager using a structured query language injection (SQLi) vulnerability, Viet found.

Again, that flaw requires administrator and network access to exploit, and carries a CVSSv3 rating of 8.0.

A total of 10 flaws are getting patches, with the following VMware products affected:

  • Workspace ONE Access 
  • Workspace ONE Access Connector 
  • Identity Manager 
  • Identity Manager Connector 
  • vRealize Automation 
  • Cloud Foundation
  • vRealize Suite Lifecycle Manager

"It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments," VMware said.
