Threat Encyclopedia

VMware.vRealize.Automation.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation.
The vulnerability is due to a validation error in the application when handling maliciously crafted requests. An attacker can exploit this to obtain administrative access without the need to authenticate.

affected-products-logoAffected Products

VMWare Identity Manager 3.3.3 to 3.3.6
VMWare vRealize Automation 7.6
VMWare Workspace ONE Access 21.10.0.1
VMWare Workspace ONE Access 21.10.0.0
VMWare Workspace ONE Access 21.08.0.0
VMWare Workspace ONE Access 21.08.0.1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Applied latest upgrade or patch from the vendor: https://www.vmware.com/security/advisories/VMSA-2022-0014.html

CVE References

CVE-2022-22972