VMware Ships Urgent Patch for Authentication Bypass Security Hole
Residence › Endpoint Safety
VMware Ships Pressing Patch for Authentication Bypass Safety Gap
By Ryan Naraine on August 02, 2022
Tweet
Virtualization know-how big VMware on Tuesday shipped an pressing, high-priority patch to deal with an authentication bypass vulnerability in its Workspace ONE Entry, Id Supervisor and vRealize Automation merchandise.
The vulnerability carries VMware’s highest severity score (CVSSv3 base rating of 9.8) and needs to be remediated at once, the corporate stated in an advisory.
“VMware Workspace ONE Entry, Id Supervisor and vRealize Automation include an authentication bypass vulnerability affecting native area customers. A malicious actor with community entry to the UI could possibly get hold of administrative entry with out the necessity to authenticate,” VMware warned.
“This vital vulnerability needs to be patched or mitigated instantly per the directions in [the advisory],” VMware stated.
[ READ: VMware Confirms Workspace One Exploits in the Wild ]
The authentication bypass vulnerability, tracked as CVE-2022-31656, was found and reported by PetrusViet (a member of VNG Safety).
The corporate stated it was not conscious of in-the-wild exploitation however, in a supplemental observe, VMware confirmed this flaw is a variant of a beforehand patched situation (VMSA-2022-0014) for which there’s exploit code publicly accessible.
The most recent patches additionally embrace cowl for a minimum of 9 documented vulnerabilities affecting the VMware Workspace ONE Entry, Entry Connector, Id Supervisor, Id Supervisor Connector and vRealize Automation product traces.
Associated: VMware Calls Consideration to Excessive-Severity vCenter Server Flaw
Associated: Crucial Code Execution Flaw Haunts VMware Cloud Director
Associated: VMware Confirms Workspace One Exploits within the Wild
Get the Each day Briefing
- Most Current
- Most Learn
- Spanish Analysis Heart Suffers Cyberattack Linked to Russia
- VMware Ships Pressing Patch for Authentication Bypass Safety Gap
- European Missile Maker MBDA Denies Hackers Breached Techniques
- Cybrary Raises $25 Million to Sort out Cybersecurity Workforce Coaching
- Go-Primarily based Apps Susceptible to Assaults As a result of URL Parsing Concern
- Google Patches Crucial Android Flaw Permitting Distant Code Execution by way of Bluetooth
- Luxembourg Power Firm Hit by Ransomware
- Eavesdropping Probe Finds Israeli Police Exceeded Authority
- LockBit Ransomware Abuses Home windows Defender for Payload Loading
- Australian Man Charged for Creating Imminent Monitor RAT
On the lookout for Malware in All of the Flawed Locations?
First Step For The Web’s subsequent 25 years: Including Safety to the DNS
Tattle Story: What Your Pc Says About You
Be in a Place to Act By means of Cyber Situational Consciousness
Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant
2010, A Nice Yr To Be a Scammer.
Do not Let DNS be Your Single Level of Failure
Methods to Establish Malware in a Blink
Defining and Debating Cyber Warfare
The 5 A’s that Make Cybercrime so Engaging
Methods to Defend In opposition to DDoS Assaults
Safety Budgets Not in Line with Threats
Anycast – Three Causes Why Your DNS Community Ought to Use It
The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations
Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise
