VMware Releases Critical Security Updates
Two advisories include critical updates for Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealise Suite Lifecycle Manager and an important update for Horizon Client for Linux
Summary
Two advisories include critical updates for Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealise Suite Lifecycle Manager and an important update for Horizon Client for Linux
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
VMware has released two security advisories, VMSA-2022-0011, which is rated as critical and VMSA-2022-0012, which is rated as important.
VMSA-2022-0011 is a critical advisory that addresses eight vulnerabilities in VMware Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. These vulnerabilities include authentication bypass, remote code execution, cross-site request forgery, local privilege escalation, and information disclosure. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
VMSA-2022-0012 is an important advisory that concerns VMware Horizon Client for Linux and addresses two privilege escalation vulnerabilities. A low-privileged attacker with local access to Horizon Client for Linux could exploit these vulnerabilities to take control of an affected system.
Remediation advice
Affected organisations are encouraged to review the VMware security advisories below and apply any relevant updates or workarounds.
Remediation steps
| Type | Step |
|---|---|
| Patch |
For the following impacted products:
https://www.vmware.com/security/advisories/VMSA-2022-0011.html |
| Patch |
For the following impacted product:
https://www.vmware.com/security/advisories/VMSA-2022-0012.html |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 7 April 2022 11:00 am