
CVE-2022-31656: Critical VMware Authentication Bypass Vulnerability

VMware recently released another set of patches addressing a number of vulnerabilities in several products.

The vulnerabilities (CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665) were reported privately. The severity scores of the flaws vary from 4.7 to 9.8 according to the CVSS system.

The list of affected products includes the following:

  • VMware Workspace ONE Access (Access)
  • VMware Workspace ONE Access Connector (Access Connector)
  • VMware Identity Manager (vIDM)
  • VMware Identity Manager Connector (vIDM Connector)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

CVE-2022-31656: An Authentication Bypass Vulnerability

The most dangerous of the vulnerabilities, rated 9.8, is CVE-2022-31656, an authentication bypass issue that impacts local domain users. A threat actor with network access could exploit it to obtain administrative rights, and no prior authentication is required. According to the company’s advisory, VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by this flaw.

The next on the list of fixed issues in terms of severity is CVE-2022-31658, a remote code execution vulnerability rated 8.0. The issue affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. A threat actor with administrator and network access could exploit the flaw to trigger remote code execution.

Another remote code execution vulnerability with a CVSS score of 8.0 is CVE-2022-31659 in VMware Workspace ONE Access and Identity Manager.

The company has also patched a reflected cross-site scripting (XSS) vulnerability, CVE-2022-31663, which results from improper user input sanitization and could allow malicious JavaScript code to execute in the user's browser.

The list also includes three local privilege escalation bugs, CVE-2022-31660, CVE-2022-31661 and CVE-2022-31664; a URL injection vulnerability, CVE-2022-31657; and a path traversal bug, CVE-2022-31662.

All affected customers should apply the available patches immediately.

Last month, VMware patched CVE-2021-22048, a high-severity privilege escalation vulnerability in the VMware vCenter Server IWA (Integrated Windows Authentication) mechanism, which also affects the Cloud Foundation hybrid platform. Eight months after the vulnerability was disclosed, the company released a patch for one of the affected versions.

Milena Dimitrova
