VMware recently issued an advisory warning for the administrators that multiple products on the VMware Cloud Platform are affected by multiple flaws, and among them, there is a critical authentication bypass security flaw.
By exploiting this critical flaw an attacker with no authentication privileges will be able to gain administrative access to the system.
The critical flaw has been tracked as CVE-2022-31656 and reported by Petrus Viet of VNG Security, which has a CVSSv3 base score of 9.8.
Here below we have mentioned all the security vulnerabilities detected:-
Here below we have mentioned all the products that were affected:-
In accordance with the instructions in the VMSA, this critical vulnerability must be patched or mitigated as soon as possible.
Every environment has its own set of characteristics, its own tolerance for risk, and its own set of security controls that are unique to it. Therefore, it is up to the customer to take the necessary steps to proceed in their own way.
It should however be noted that due to the severity of the vulnerability, immediate action is strongly recommended. The crucial authentication bypass vulnerability, CVE-2022-31656 has not yet been exploited in the wild.
If you are unable to patch your appliances against the CVE-2022-31656 vulnerability right away, the company has provided a temporary workaround.
Earlier this year, VMware patched the following products for an almost identical critical security flaw “CVE-2022-22972”:-
This workaround, however, is not recommended by VMware. In order to fully mitigate the CVE-2022-31656 auth bypass vulnerability, the vulnerable products must be patched.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…