Critical Authentication Bypass Vulnerability in VMware Products – CVE-2022-22972

Share :

On Wednesday, May 18, 2022, VMware published an advisory (VMSA-2022-0014) to address multiple vulnerabilities, including CVE-2022-22972, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

This vulnerability was assigned a CVSSv3 score of 9.8, making it a critical vulnerability. If successfully exploited, a threat actor with network access to a vulnerable appliance may be able to obtain administrative access without the need to authenticate. The exploitation of vulnerabilities like this is a common tactic used by ransomware groups after gaining initial footholds in victim networks.

While there is no known Proof of Concept (PoC) exploit code or observed exploitation in the wild for CVE-2022-22972, the Cyber Security and Infrastructure Agency (CISA) has indicated that similar types of vulnerabilities disclosed last month in the same VMware products quickly had exploits developed and used in attacks by threat actors within days of a patch being released. We assess that threat actors will move quickly to reverse engineer the patches for CVE-2022-22972 and develop exploits to use in targeted attacks such as ransomware.

We strongly recommend you review the below listing of affected VMware appliances and follow VMware’s patching or workaround guidance for any identified vulnerable appliances in your network with a priority focus on internet-facing appliances.

Impacted Appliances

Product Component  Affected Version(s)  VMware Guidance
VMware Workspace ONE Access Appliance 
    • Applying Patches:

    • Applying Workarounds:

VMware Identity Manager Appliance
  • 3.3.3
  • 3.3.4 
  • 3.3.5
  • 3.3.6
VMware Realize Automation 7.6
  • 7.6


Picture of Adrian Korn

Adrian Korn

Adrian Korn is a seasoned cyber security professional with 7+ years' experience in cyber threat intelligence, threat detection, and security operations. He currently serves as the Manager of Threat Intelligence Research at Arctic Wolf Labs. Adrian has been a guest speaker on intelligence related topics at numerous conferences around the world, including DEF CON's Recon Village, Hackfest, and the Australian OSINT Symposium.
Share :
Table of Contents
Subscribe to our Monthly Newsletter