• For Enquiry
  • 847-868-9253
  • 847-868-9208
  • Home
  • Why Choose CIO Landing?
    • Our Team
    • Success Stories
    • ‘8 Things’ We Do Better
    • Partners & Certifications
    • Our Services
  • Industry Expertise
    • Manufacturing
    • Medical
    • Education
    • Financial Services
    • Non-Profit
    • Law Firms
  • IT Solutions
    • Co-Managed Service
    • Managed IT Services
    • IT Support
      • On Demand Services
      • Office Moves & Wiring
      • Security
    • Server Management
    • Backup & Disaster Recovery
    • Cloud Services
    • CIO & IT Consulting
    • Cybersecurity Services
    • VoIP
    • Managed Firewall
    • Microsoft 365
      • Microsoft 365 Plans
        • Small Business
        • Enterprise
        • Education
    • Hardware & Software Sales
    • Email & Spam Protection
  • Resources
    • Free Copy Of New Book
    • Blog
    • Newsletter
    • Video Tips
      • Video Tips Archive
    • Free Cloud Report
    • IT Buyers Guide
    • Cybersecurity Crisis Report
    • Network Audit
    • COVID 19 Resources
    • In The NEWS
    • Online Training
  • About Us
    • Our Mission
    • Leadership
    • Teams
    • Referral Program
    • Press Releases
      • CIO Landing: More Than Just an IT
      • Small businesses can have an IT department too
      • CIO Landing, Inc. has joined forces with Banc Certified Merchant Services (BCMS).
    • Affiliations
    • Careers
      • Job Descriptions
    • FAQs
    • Causes We Support
    • Privacy Policy
    • Terms & Conditions
  • Locations
    • Northfield, IL
    • Northbrook, IL
    • Chicago, IL
    • Miami, FL
  • Support
✕
Millions Of Cash App Users Had Their Data Breached
April 28, 2022
Sharkbot Malware Found In Several Android Antivirus Apps
April 30, 2022

VMWare Products Need Patched Now For Security Risks

April 29, 2022

If you use certain VMWAre products, be aware that the company has recently identified and issued a patch for a total of five critical security vulnerabilities.

These are being tracked as:

  • CVE-2022022954 (This issue is a server-side template injection remote code execution issue)
  • CVE-2022-22955
  • CVE-2022-22956 (This issue, and the one above it are both OAuth2 ACS authentication bypass vulnerabilities)
  • CVE-2022022957
  • And CVE-20220958, with these last two being JDBC injection remote code execution vulnerabilities.

The products impacted by these issues are:

  • vRealize Suite Lifecycle Manager
  • VMware Cloud Foundation
  • VMware vRealize Automation (vRA)
  • VMware Identity Manager (vIDM)
  • And VMware Workspace ONE Access (Access)

The patch the company released to address the issue is VMSA-2021-0011.

The company made a point to stress that different organizations will have varying risk tolerances, security controls, and defenses in place to manage risk. So customers using VMWare equipment should certainly feel free to make their own decisions regarding what priority to place on installing the patch for this issue. They strongly recommended that all their customers take immediate action given the severity of the security vulnerability.

VMware stressed that so far, they have found no evidence of any of these vulnerabilities being exploited in the wild. Of course, it’s just a matter of time until that happens and the company recommends applying the patch as soon as possible if you use any of the products mentioned above.

If you are unable to apply the patch immediately, also be aware that the company has a workaround detailed on their website that could be used as a stopgap measure in the short run.  It doesn’t remove the risk and it may introduce some added wrinkles and complexities but it’s better than doing nothing until the patch can be applied.

Kudos to VMware for their fast action in addressing these issues and in providing a workaround for those who cannot patch immediately.

Share
17
taylor
taylor

Related posts

March 10, 2025

The Hidden Threat: How Gift Card Scams Are Targeting Businesses Like Yours

Read more
February 11, 2025

CIO Landing Named to CRN’s MSP 500 List for 2025—For the Third Year in a Row!

Read more
December 4, 2024

Unlocking the Power of Windows 11: Tips for Maximum Productivity

Read more
© 2025 All Rights Reserved | Powered by CIO Landing