===================================================================
CERT-Renater Information Note No. 2021/VULN183
_____________________________________________________________________

DATE                 : 18/05/2022
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running VMware Workspace ONE Access (Access),
                       VMware Identity Manager (vIDM), VMware vRealize
                       Automation (vRA), VMware Cloud Foundation,
                       vRealize Suite Lifecycle Manager.
====================================================================

https://www.vmware.com/security/advisories/VMSA-2022-0014.html
_____________________________________________________________________

Critical

Advisory ID:   VMSA-2022-0014
CVSSv3 Range:  7.8-9.8
Issue Date:    2022-05-18
Updated On:    2022-05-18
CVE(s):        CVE-2022-22972, CVE-2022-22973
Synopsis:      VMware Workspace ONE Access, Identity Manager and vRealize
               Automation updates address multiple vulnerabilities.

1. Impacted Products

   VMware Workspace ONE Access (Access)
   VMware Identity Manager (vIDM)
   VMware vRealize Automation (vRA)
   VMware Cloud Foundation
   vRealize Suite Lifecycle Manager

2. Introduction

   Multiple vulnerabilities were privately reported to VMware. Patches are
   available to remediate these vulnerabilities in affected VMware products.

3a. Authentication Bypass Vulnerability (CVE-2022-22972)

   Description

   VMware Workspace ONE Access, Identity Manager and vRealize Automation
   contain an authentication bypass vulnerability affecting local domain
   users. VMware has evaluated the severity of this issue to be in the
   Critical severity range with a maximum CVSSv3 base score of 9.8.

   Known Attack Vectors

   A malicious actor with network access to the UI may be able to obtain
   administrative access without the need to authenticate.

   Resolution

   To remediate CVE-2022-22972, apply the patches listed in the 'Fixed
   Version' column of the 'Resolution Matrix' found below.

   Workarounds

   Workarounds for CVE-2022-22972 have been documented in the VMware
   Knowledge Base articles listed in the 'Workarounds' column of the
   'Response Matrix' below.

   Additional Documentation

   A supplemental blog post was created for additional clarification.
   Please see: https://via.vmw.com/vmsa-2022-0014-qna

   Notes

   None.

   Acknowledgements

   VMware would like to thank Bruno López of Innotec Security for reporting
   this vulnerability to us.

3b. Local Privilege Escalation Vulnerability (CVE-2022-22973)

   Description

   VMware Workspace ONE Access and Identity Manager contain a privilege
   escalation vulnerability. VMware has evaluated the severity of this
   issue to be in the Important severity range with a maximum CVSSv3 base
   score of 7.8.

   Known Attack Vectors

   A malicious actor with local access can escalate privileges to 'root'.

   Resolution

   To remediate CVE-2022-22973, apply the patches listed in the 'Fixed
   Version' column of the 'Resolution Matrix' found below.

   Workarounds

   None.

   Additional Documentation

   A supplemental blog post was created for additional clarification.
   Please see: https://via.vmw.com/vmsa-2022-0014-qna

   Notes

   None.

   Acknowledgements

   VMware would like to thank Kai Zhao of ToTU Security Team and Steven Yu
   for independently reporting this issue to us.

   Response Matrix

   Product                      | Version                    | Running On | CVE Identifier                 | CVSSv3 | Severity  | Fixed Version | Workarounds | Additional Documentation
   -----------------------------|----------------------------|------------|--------------------------------|--------|-----------|---------------|-------------|-------------------------
   Access                       | 21.08.0.1, 21.08.0.0       | Linux      | CVE-2022-22972                 | 9.8    | critical  | KB88438       | KB88433     | FAQ
   Access                       | 21.08.0.1, 21.08.0.0       | Linux      | CVE-2022-22973                 | 7.8    | important | KB88438       | None        | FAQ
   Access                       | 20.10.0.1, 20.10.0.0       | Linux      | CVE-2022-22972                 | 9.8    | critical  | KB88438       | KB88433     | FAQ
   Access                       | 20.10.0.1, 20.10.0.0       | Linux      | CVE-2022-22973                 | 7.8    | important | KB88438       | None        | FAQ
   vIDM                         | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux      | CVE-2022-22972                 | 9.8    | critical  | KB88438       | KB88433     | FAQ
   vIDM                         | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux      | CVE-2022-22973                 | 7.8    | important | KB88438       | None        | FAQ
   vRealize Automation [1]      | 8.x                        | Linux      | CVE-2022-22972, CVE-2022-22973 | N/A    | N/A       | Unaffected    | N/A         | N/A
   vRealize Automation (vIDM) [2] | 7.6                      | Linux      | CVE-2022-22972                 | 9.8    | critical  | KB88438       | KB88433     | FAQ
   vRealize Automation (vIDM)   | 7.6                        | Linux      | CVE-2022-22973                 | N/A    | N/A       | Unaffected    | N/A         | N/A

   [1] vRealize Automation 8.x is unaffected since it does not use embedded
       vIDM. If vIDM has been deployed with vRA 8.x, fixes should be applied
       directly to vIDM.
   [2] vRealize Automation 7.6 is affected since it uses embedded vIDM.

   Impacted Product Suites that Deploy Response Matrix Components:

   Product                                 | Version                  | Running On | CVE Identifier | CVSSv3 | Severity  | Fixed Version | Workarounds | Additional Documentation
   ----------------------------------------|--------------------------|------------|----------------|--------|-----------|---------------|-------------|-------------------------
   VMware Cloud Foundation (vIDM)          | 4.3.x, 4.2.x, 4.1, 4.0.x | Any        | CVE-2022-22972 | 9.8    | critical  | KB88438       | KB88433     | FAQ
   VMware Cloud Foundation (vIDM)          | 4.3.x, 4.2.x, 4.1, 4.0.x | Any        | CVE-2022-22973 | 7.8    | important | KB88438       | None        | FAQ
   VMware Cloud Foundation (vRA)           | 3.x                      | Any        | CVE-2022-22972 | 9.8    | critical  | KB88438       | KB88433     | FAQ
   vRealize Suite Lifecycle Manager (vIDM) | 8.x                      | Any        | CVE-2022-22972 | 9.8    | critical  | KB88438       | KB88433     | FAQ
   vRealize Suite Lifecycle Manager (vIDM) | 8.x                      | Any        | CVE-2022-22973 | 7.8    | important | KB88438       | None        | FAQ

4. References

   Fixed Version(s):
   https://kb.vmware.com/s/article/88438

   Workarounds:
   https://kb.vmware.com/s/article/88433

   Mitre CVE Dictionary Links:
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22972
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22973

   FIRST CVSSv3 Calculator:
   CVE-2022-22972: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-22973: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log

   2022-05-18: VMSA-2022-0014 Initial security advisory.

6. Contact

   E-mail list for product security notifications and announcements:
   https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:
   security-announce@lists.vmware.com
   bugtraq@securityfocus.com
   fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   https://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2022 VMware Inc. All rights reserved.

========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44           +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris         | email: cert@support.renater.fr +
========================================================