Advisory: VMware Security Updates – May 2022
Advisory: VMware Security Updates – May 2022
VMware has released security updates to address multiple vulnerabilities in VMware products.
Affected products include:
-
VMware Workspace ONE Access
-
VMware vRealize Automation
-
VMware Cloud Foundation
-
VMware Identity Manager
-
vRealize Suite Lifecycle Manager
The vulnerabilities in affected VMware products are:
-
CVE-2022-22972: Authentication Bypass Vulnerability
-
CVE-2022-22973: Local Privilege Escalation Vulnerability
Security Risks
An attacker with network access to the User Interface (UI) can obtain administrative access and with a local access can escalate privileges to root. For more details, please refer to VMware Security Advisory.
Recommended Actions
The National Cyber Security Authority (NCSA) recommends all system administrators, who use affected VMware products:
-
apply the latest security patches to the affected VMware product version currently in use, which will eventually update other plugins to new version.
-
before any update task, ensure you have backup for your data.
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009
References
VMware Security Advisory
VMWA-2022-0014: Questions and Answers
23 May 2022
More updates