DESCRIPTION:
VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain an authentication bypass vulnerability(CVE-2022-31656) affecting local domain users, even admin permission.
AFFECTED RELEASES:
VMware Workspace ONE Access Appliance version from 21.08.0.0 to 21.08.0.1
VMware Identity Manager Appliance & Connector version from 3.3.4 to 3.3.6
VMware Identity Manager Connector version 19.03.0.1
SOLUTION:
Users and system administrators of affected products are advised to refer to the official webpage (https://kb.vmware.com/s/article/89096) of the “Resolution” part and apply the security updates
REFERENCE:
1. https://www.ithome.com.tw/news/152286
2. https://kb.vmware.com/s/article/89096
3. https://www.vmware.com/security/advisories/VMSA-2022-0021.html