Skip to main content

VMware Releases Critical Security Updates

Two advisories include critical updates for Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealise Suite Lifecycle Manager and an important update for Horizon Client for Linux

Threat ID:
CC-4071
Threat Severity:
Medium
Published:
7 April 2022 10:56 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Two advisories include critical updates for Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealise Suite Lifecycle Manager and an important update for Horizon Client for Linux

Threat details

Introduction

VMware has released two security advisories, VMSA-2022-0011, which is rated as critical and VMSA-2022-0012, which is rated as important.

VMSA-2022-0011 is a critical advisory that addresses eight vulnerabilities in VMware Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. These vulnerabilities include authentication bypass, remote code execution, cross-site request forgery, local privilege escalation, and information disclosure. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

VMSA-2022-0012 is an important advisory that concerns VMware Horizon Client for Linux and addresses two privilege escalation vulnerabilities. A low-privileged attacker with local access to Horizon Client for Linux could exploit these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the VMware security advisories below and apply any relevant updates or workarounds.

Remediation steps

Type Step
Patch

For the following impacted products:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

https://www.vmware.com/security/advisories/VMSA-2022-0011.html
Patch

For the following impacted product:

  • VMware Horizon Client for Linux

https://www.vmware.com/security/advisories/VMSA-2022-0012.html

Last edited: 7 April 2022 11:00 am