VMware has published a Security Advisory to address vulnerabilities in multiple products. One of these vulnerabilities has a CVSSv3 score of 9.8 and could result in administrative access via authentication bypass. Patches are available to remediate these vulnerabilities in affected VMware products.
The following products are affected:
- VMware Cloud Foundation – multiple versions
- VMware Identity Manager – multiple versions
- VMware vRealize Automation – versions 7.6 and 8.x
- VMware vRealize Suite Lifecycle Manager – versions 8.x
- VMware Workspace ONE Access – multiple versions
What should I do?
The link below contains further details on the vulnerabilities and information for patching. Customers are encouraged to patch their systems as soon as possible.
Additional Resource: Canadian Centre for Cyber Security
Security Alert: Critical VMWare vulnerabilities
Sourced by: Canadian Centre for Cyber Security
Looking for steps you can take to protect your organization’s networks and information from cyber threats? To get you started, the Canadian Centre for Cyber Security have summarized 13 security control categories that your organization can implement, covering:
- Incident Response Plan
- Multi-Factor Authentication
- Backing up and encrypting data
..and more
By implementing these controls, you can reduce your risks and improve your ability to respond to security incidents.
While it isn’t always necessary to implement all of the controls, it is encouraged to adopt as many as possible to enhance your cyber security.