VMware urges admins to patch critical auth bypass bug immediately


A significant authentication bypass security hole that affects local domain users in several products and gives unauthenticated attackers administrative capabilities has been identified by VMware and has prompted a warning to administrators today.

According to Petrus Viet of VNG Security, the vulnerability (CVE-2022-31656) affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. With a CVSSv3 base score of 9.8/10, VMware classified this security vulnerability’s severity as serious.

Read More…