Advisory Type: IT Security

Severity: Critical

Summary: PDS is providing the following communication to build awareness of critical vulnerabilities affecting VMware products.

On April 6, 2022, VMware published security advisory VMSA-2022-0011, disclosing the following vulnerabilities:

  • Remote Code Execution via a server-side template injection [Workspace ONE Access, Identity Manager]
  • Two OAuth2 Authentication Bypass vulnerabilities [Workspace ONE Access]
  • Remote Code Execution via JDBC Injection [Workspace ONE Access, Identity Manager, vRealize Automation]
  • Cross-Site Request Forgery vulnerability [Workspace ONE Access, Identity Manager, vRealize Automation]
  • Local Privilege Escalation [Workspace ONE Access, Identity Manager, vRealize Automation]
  • Information Disclosure vulnerability [Workspace ONE Access, Identity Manager, vRealize Automation]

On May 18, CISA issued Emergency Directive 22-03, indicating that the vulnerabilities were being actively exploited and mandating that Federal Civilian Executive Branch agencies patch them by Monday, May 23.

VMware published patches for these issues on April 6. Within 48 hours, threat actors had reverse-engineered the patches to identify the vulnerabilities and begun exploiting the flaws. The vulnerabilities continue to be actively exploited.

We strongly advise customers to review the VMware advisory and patch all vulnerable VMware products. PDS Architects are available to assist with assessment and mitigation; your Account Director can arrange support for this issue.