VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
- Recommendation: users and administrators to review VMware Security Advisory Advisories VMSA-2022-0011 and VMSA-2022-0012 and apply the necessary updates.
VMSA-2022-0011
Server-side Template Injection Remote Code Execution Vulnerability (CVE-2022-22954)
VMware Workspace ONE Access and Identity Manager contain a remote code
execution vulnerability due to server-side template injection. VMware has
evaluated the severity of this issue to be in the Critical severity range with
a maximum CVSSv3 base score of 9.8.
A malicious actor with network access can trigger a server-side template
injection that may result in remote code execution.
OAuth2 ACS Authentication Bypass Vulnerabilities (CVE-2022-22955, CVE-2022-22956)
VMware Workspace ONE Access has two authentication bypass vulnerabilities in
the OAuth2 ACS framework. VMware has evaluated the severity of these issues to
be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
VMware Workspace ONE Access has two authentication bypass vulnerabilities in
the OAuth2 ACS framework. VMware has evaluated the severity of these issues to
be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
JDBC Injection Remote Code Execution Vulnerabilities (CVE-2022-22957, CVE-2022-22958)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain
two remote code execution vulnerabilities. VMware has evaluated the severity
of these issues to be in the Critical severity range with a maximum CVSSv3
base score of 9.1.
A malicious actor with administrative access can trigger deserialization of
untrusted data through malicious JDBC URI which may result in remote code
execution.
Cross Site Request Forgery Vulnerability (CVE-2022-22959)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain
a cross site request forgery vulnerability. VMware has evaluated the severity
of this issue to be in the Important severity range with a maximum CVSSv3 base
score of 8.8.
A malicious actor can trick a user through a cross site request forgery to
unintentionally validate a malicious JDBC URI.
Local Privilege Escalation Vulnerability (CVE-2022-22960)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain
a privilege escalation vulnerability due to improper permissions in support
scripts. VMware has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 7.8.
A malicious actor with local access can escalate privileges to 'root'.
Information Disclosure Vulnerability (CVE-2022-22961)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain
an information disclosure vulnerability due to returning excess information.
VMware has evaluated the severity of this issue to be in the Moderate severity
range with a maximum CVSSv3 base score of 5.3.
A malicious actor with remote access may leak the hostname of the target
system. Successful exploitation of this issue can lead to targeting victims.
VMSA-2022-0012
User-controlled folder path customization privilege escalation vulnerability (CVE-2022-22962)
VMware Horizon Client for Linux contains a local privilege escalation
vulnerability. VMware has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 7.3.
A low-privileged malicious actor with local access to Horizon Client for Linux
may be able to change the default shared folder location due to a vulnerable
symbolic link. Successful exploitation can result in linking to a root owned
file.
User configurable agent privilege escalation vulnerability (CVE-2022-22964)
VMware Horizon Client for Linux contains a local privilege escalation
vulnerability. VMware has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 7.3.
A low-privileged malicious actor with local access to Horizon Client for Linux
may be able to escalate privileges to root due to a vulnerable configuration
file.
Source:
