Various level 2 security vulnerabilities have been published by VMware related to various products. In case of exploitation of these vulnerabilities, obtaining administrative authority with authentication bypass, etc. situations that may result.

Affected Systems

• VMware Workspace ONE Access (Access)
• VMware Identity Manager (vIDM)
• VMware vRealize Automation (vRA)
• VMware Cloud Foundation
• vRealize Suite Lifecycle Manager

Solution and CVE/CWE

CVE/CWE: CVE-2022-22972, CVE-2022-22973

It is recommended by VMware to apply the solution suggestions specified in the link below.

https://www.vmware.com/security/advisories/VMSA-2022-0014.html

Note: Those with CVSS 3.1 scores of 7.0-8.9 (out of 10) are considered “high”, and those with 9.0-10.0 are considered “critical”.

Reference:

https://www.vmware.com/security/advisories/VMSA-2022-0014.html