VMware has published a Security Advisory to address vulnerabilities in multiple products. One of these vulnerabilities has a CVSSv3 score of 9.8 and could result in administrative access via authentication bypass. Patches are available to remediate these vulnerabilities in affected VMware products.
The following products are affected:
- VMware Cloud Foundation – multiple versions
- VMware Identity Manager – multiple versions
- VMware vRealize Automation – versions 7.6 and 8.x
- VMware vRealize Suite Lifecycle Manager – versions 8.x
- VMware Workspace ONE Access – multiple versions
What should I do?
The link below contains further details on the vulnerabilities and information for patching. Customers are encouraged to patch their systems as soon as possible.
Additional Resource: Canadian Centre for Cyber Security