VMware has urged customers to patch a critical vulnerability, rated CVSS 9.8, in VMware Workspace ONE Access and VMware Identity Manager. The flaw, tracked as CVE-2022-22954, is a server-side template injection that allows remote code execution, and it is being exploited in the wild; reported attacks have used it to install coin miners on compromised servers. A fix is available.
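The page gives no request-level indicator for CVE-2022-22954, so the following is a generic triage heuristic added here as an example, not VMware's code and not a published detection signature: it percent-decodes the request target of each web-server access-log line (including double-encoded payloads) and flags syntax used by common server-side template engines such as FreeMarker, Velocity and Jinja2. The log lines are constructed for the example, and the paths, IP addresses and parameter names in them are hypothetical.

```python
import re
from urllib.parse import unquote

# Expression/directive markers of common server-side template engines.
# Matching one of these in a request target is a coarse SSTI-probe heuristic,
# not a signature for CVE-2022-22954 (the advisory text above gives none).
TEMPLATE_MARKERS = [
    (r"\$\{", "FreeMarker/Velocity ${...}"),
    (r"#\{", "FreeMarker #{...}"),
    (r"\{\{", "Jinja2/Twig {{...}}"),
    (r"\{%", "Jinja2/Twig {%...%}"),
    (r"<#", "FreeMarker directive <#...>"),
    (r"#set\(", "Velocity #set(...)"),
]

# Common/combined log format; only the fields used for triage are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (hypothetical paths and documentation-range IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Apr/2022:10:01:02 +0000] "GET /portal/ui/index.html HTTP/1.1" 200 5120
192.0.2.10 - - [14/Apr/2022:10:01:05 +0000] "GET /api/items?filter=%7B%22a%22%3A1%7D HTTP/1.1" 200 310
198.51.100.7 - - [14/Apr/2022:10:02:11 +0000] "GET /portal/ui/verify?id=%24%7B7*7%7D HTTP/1.1" 400 0
198.51.100.7 - - [14/Apr/2022:10:02:12 +0000] "GET /portal/ui/verify?id=%2524%257B7*7%257D HTTP/1.1" 400 0
203.0.113.4 - - [14/Apr/2022:10:05:40 +0000] "GET /search?q=%7B%7Bconfig%7D%7D HTTP/1.1" 200 77
"""


def decode_target(target, rounds=2):
    """Percent-decode up to `rounds` times, stopping early once the text is
    stable, so that double-encoded probes (%2524 -> %24 -> $) are unwrapped."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_template_probes(log_text):
    """Return one hit per log line whose decoded request target contains a
    template-engine marker. Each hit records ip, decoded target, which marker
    matched, and the HTTP status (a 200 on a probe deserves a closer look)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line; skip rather than guess
        target = decode_target(m.group("target"))
        for pattern, label in TEMPLATE_MARKERS:
            if re.search(pattern, target):
                hits.append({
                    "ip": m.group("ip"),
                    "target": target,
                    "marker": label,
                    "status": int(m.group("status")),
                })
                break  # one hit per line is enough for triage
    return hits


if __name__ == "__main__":
    for hit in find_template_probes(SAMPLE_LOG):
        print(f"{hit['ip']} status={hit['status']} [{hit['marker']}] {hit['target']}")
```

The JSON-looking `filter={"a":1}` line is deliberately included to show that plain braces do not trigger the heuristic; only engine-specific prefixes such as `${` or `{{` do. Two caveats for real use: access logs only show the request line, so a payload carried in a header or POST body is invisible to this check, and `${` can appear legitimately in some applications, so treat hits as leads to confirm against the application's own logs rather than as verdicts.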
8 vulnerabilities
Along with the remote code execution flaws, VMware patched two authentication bypass vulnerabilities in the OAuth2 ACS framework, CVE-2022-22955 and CVE-2022-22956, both rated CVSS 9.8. It also patched two critical remote code execution vulnerabilities, CVE-2022-22957 and CVE-2022-22958, in VMware Workspace ONE Access, Identity Manager, and vRealize Automation; these let an attacker who already has administrative access trigger deserialization of untrusted data through a malicious JDBC URI.
VMware Workspace ONE Access, Identity Manager, and vRealize Automation also contain a cross-site request forgery vulnerability, CVE-2022-22959, with a CVSS base score of 8.8: an attacker can trick a user, through a forged request, into unintentionally validating a malicious JDBC URI. The same products are affected by CVE-2022-22960, a local privilege escalation caused by improper permissions in support scripts (CVSS 7.8), and CVE-2022-22961, an information disclosure flaw (CVSS 5.3).
Impacted products:
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager