VMware Advisories for VMware Workspace ONE Flaws, CISA Issues Emergency Directive (VMSA-2022-0014)

On May 18, VMware published VMSA-2022-0014, an advisory that addresses two vulnerabilities across several VMware products including:

• VMware Workspace ONE Access (Access)
• VMware Identity Manager (vIDM)
• vRealize Lifecycle Manager
• VMware vRealize Automation (vRA)
• VMware Cloud Foundation

This follows last month’s advisory (VMSA-2022-0011) that addressed eight vulnerabilities in the same set of products. Two of the flaws from last month’s release were quickly exploited in the wild by attackers.

Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) published its own advisory (AA22-138B) along with issuing Emergency Directive 22-03 for all Federal Civilian Executive Branch (FCEB) to address four flaws across both advisories, in anticipation that attackers will quickly develop and begin exploiting the two vulnerabilities disclosed today.

For more information about the vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.