VMware has published a Security Advisory to address vulnerabilities in multiple products. One of these vulnerabilities has a CVSSv3 score of 9.8 and could result in administrative access via authentication bypass. Patches are available to remediate these vulnerabilities in affected VMware products.

The following products are affected:

• VMware Cloud Foundation – multiple versions
• VMware Identity Manager – multiple versions
• VMware vRealize Automation – versions 7.6 and 8.x
• VMware vRealize Suite Lifecycle Manager – versions 8.x
• VMware Workspace ONE Access – multiple versions

What should I do?

The link below contains further details on the vulnerabilities and information for patching. Customers are encouraged to patch their systems as soon as possible.

VMWare.com

Additional Resource: Canadian Centre for Cyber Security