Kritik VMSA 2022-0011 güvenlik zaafiyeti yayınlandı ve aşağıdaki ürünler için uygulanacak adımlara’ da ilgili linkten ulaşabilirsiniz.
Below is the list of affected products:
• VMware Workspace ONE Access (Access)
• VMware Identity Manager (vIDM)
• VMware vRealize Automation (vRA)
• VMware Cloud Foundation
• vRealize Suite Lifecycle Manager
It addresses several vulnerabilities with the highest CVS of 9.8
1- Server-side Template Injection Remote Code Execution Vulnerability (CVE-2022-22954)
2- OAuth2 ACS Authentication Bypass Vulnerabilities (CVE-2022-22955, CVE-2022-22956)
3- JDBC Injection Remote Code Execution Vulnerabilities (CVE-2022-22957, CVE-2022-22958)
4- Cross Site Request Forgery Vulnerability (CVE-2022-22959)
5- Local Privilege Escalation Vulnerability (CVE-2022-22960)
6- Information Disclosure Vulnerability (CVE-2022-22961)