Multiple Critical Vulnerabilities Disclosed in VMware Products


On Wednesday, April 6, 2022, VMware disclosed several critical-severity vulnerabilities impacting multiple VMware products. If successfully exploited, the vulnerabilities could lead to Remote Code Execution (RCE) or Authentication Bypass.

In addition to the critical-severity vulnerabilities, VMware disclosed several high- and medium-severity vulnerabilities, which could lead to Cross-Site Request Forgery (CSRF), Local Privilege Escalation (LPE), or Information Disclosure. All of the vulnerabilities were discovered and responsibly reported to VMware by a security researcher, and patches are available to remediate all of them.

Affected Products:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

Vulnerability | CVE Identifier
Server-side Template Injection Remote Code Execution | CVE-2022-22954
OAuth2 ACS Authentication Bypass | CVE-2022-22955, CVE-2022-22956
JDBC Injection Remote Code Execution | CVE-2022-22957, CVE-2022-22958
Cross-Site Request Forgery | CVE-2022-22959
Local Privilege Escalation | CVE-2022-22960
Information Disclosure | CVE-2022-22961

VMware Recommendations

Recommendation #1: Install Vendor Supplied Patches for Affected Products

Impacted Product | Affected Version(s) | Running On | CVE Identifier | Severity | Fixed Version
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22954 | Critical – 9.8 | KB88099
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22955, CVE-2022-22956 | Critical – 9.8 | KB88099
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22957, CVE-2022-22958 | Critical – 9.1 | KB88099
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22959 | High – 8.8 | KB88099
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22960 | High – 7.8 | KB88099
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22961 | Medium – 5.3 | KB88099

Impacted Product | Affected Version(s) | Running On | CVE Identifier | Severity | Fixed Version
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22954 | Critical – 9.8 | KB88099
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22957, CVE-2022-22958 | Critical – 9.1 | KB88099
vRealize Automation (vIDM) | 7.6 | Linux | CVE-2022-22957, CVE-2022-22958 | Critical – 9.1 | KB88099
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22959 | High – 8.8 | KB88099
vRealize Automation (vIDM) | 7.6 | Linux | CVE-2022-22959 | High – 8.8 | KB88099
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22960 | High – 7.8 | KB88099
vRealize Automation (vIDM) | 7.6 | Linux | CVE-2022-22960 | High – 7.8 | KB88099
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22961 | Medium – 5.3 | KB88099

Impacted Product Suites | Affected Version(s) | Running On | CVE Identifier | Severity | Fixed Version
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22954 | Critical – 9.8 | KB88099
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22957 | Critical – 9.1 | KB88099
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22958 | Critical – 9.1 | KB88099
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22959 | High – 8.8 | KB88099
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22960 | High – 7.8 | KB88099
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22961 | Medium – 5.3 | KB88099
VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22957 | Critical – 9.1 | KB88099
VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22958 | Critical – 9.1 | KB88099
VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22959 | High – 8.8 | KB88099
VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22960 | High – 7.8 | KB88099
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22954 | Critical – 9.8 | KB88099
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22957 | Critical – 9.1 | KB88099
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22958 | Critical – 9.1 | KB88099
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22959 | High – 8.8 | KB88099
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22960 | High – 7.8 | KB88099
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22961 | Medium – 5.3 | KB88099

Recommendation #2: Implement Vendor Supplied Workarounds if Unable to Patch

If you are unable to patch immediately, we recommend implementing the available workarounds until your organization can properly remediate the vulnerabilities by patching. Please note that there is no applicable workaround for the Medium-severity Information Disclosure vulnerability (CVE-2022-22961); patching is the only remediation for it.

Impacted Product | Affected Version(s) | Running On | CVE Identifier | Severity | Workaround
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22954 | Critical – 9.8 | KB88098
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22955, CVE-2022-22956 | Critical – 9.8 | KB88098
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22957, CVE-2022-22958 | Critical – 9.1 | KB88098
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22959 | High – 8.8 | KB88098
VMware Workspace ONE Access | 21.08.0.1, 21.08.0.0, 20.10.0.1, 21.10.0.0 | Linux | CVE-2022-22960 | High – 7.8 | KB88098

Impacted Product | Affected Version(s) | Running On | CVE Identifier | Severity | Workaround
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22954 | Critical – 9.8 | KB88098
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22957, CVE-2022-22958 | Critical – 9.1 | KB88098
vRealize Automation (vIDM) | 7.6 | Linux | CVE-2022-22957, CVE-2022-22958 | Critical – 9.1 | KB88098
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22959 | High – 8.8 | KB88098
vRealize Automation (vIDM) | 7.6 | Linux | CVE-2022-22959 | High – 8.8 | KB88098
VMware Identity Manager (vIDM) | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22960 | High – 7.8 | KB88098
vRealize Automation (vIDM) | 7.6 | Linux | CVE-2022-22960 | High – 7.8 | KB88098

Impacted Product Suites | Affected Version(s) | Running On | CVE Identifier | Severity | Workaround
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22954 | Critical – 9.8 | KB88098
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22957 | Critical – 9.1 | KB88098
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22958 | Critical – 9.1 | KB88098
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22959 | High – 8.8 | KB88098
VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2022-22960 | High – 7.8 | KB88098
VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22957 | Critical – 9.1 | KB88098
VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22958 | Critical – 9.1 | KB88098
VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22959 | High – 8.8 | KB88098
VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22960 | High – 7.8 | KB88098
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22954 | Critical – 9.8 | KB88098
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22957 | Critical – 9.1 | KB88098
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22958 | Critical – 9.1 | KB88098
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22959 | High – 8.8 | KB88098
vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22960 | High – 7.8 | KB88098

Adrian Korn

Adrian Korn is a seasoned cyber security professional with 7+ years' experience in cyber threat intelligence, threat detection, and security operations. He currently serves as the Manager of Threat Intelligence Research at Arctic Wolf Labs. Adrian has been a guest speaker on intelligence related topics at numerous conferences around the world, including DEF CON's Recon Village, Hackfest, and the Australian OSINT Symposium.