Fintedex — Business, Finance & Investment News

Multiple VMware products found to contain critical security flaws

by Timothy Wilson
29.09.2022
in Technology

VMware has released a new security patch addressing numerous high-severity vulnerabilities in five different products. 

Given the number of products affected, and the destructive potential of the vulnerabilities, VMware has urged users to apply the patch without a second’s delay.

Those that are unable to install the patch immediately can also apply a workaround to keep their endpoints secure.


Serious ramifications

With the newest update, VMware patched a server-side template injection remote code execution vulnerability (CVE-2022-22954), two OAuth2 ACS authentication bypass vulnerabilities (CVE-2022-22955, CVE-2022-22956), and two JDBC injection remote code execution vulnerabilities (CVE-2022-22957, CVE-2022-22958).

The same patch also addresses a few less dangerous bugs: CVE-2022-22959 (allows for Cross-Site Request Forgery), CVE-2022-22960 (allows for privilege escalation), and CVE-2022-22961 (allows access to information without authorization).

VMware products vulnerable to these flaws include VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.

The flaws are major, and users should apply the patch as soon as possible:

“This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious,” VMware said.

“All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to mitigate risk, so customers must make their own decisions on how to proceed. However, given the severity of the vulnerability, we strongly recommend immediate action.”


There is no evidence of the flaws being abused in the wild just yet, but now that the information is out there, it could only be a matter of time.

VMware added that any users unable to patch can apply a workaround, for which it has published further details.

“Workarounds, while convenient, do not remove the vulnerabilities, and may introduce additional complexities that patching would not,” the company warned. “While the decision to patch or use the workaround is yours, VMware always strongly recommends patching as the simplest and most reliable way to resolve this issue.”


Via: BleepingComputer

