Multiple Vulnerabilities in VMware Products Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in remote code execution.

  • VMware Workspace ONE Access is an access control application for Workspace ONE.
  • VMware Identity Manager is the identity and access management component of Workspace ONE.
  • vRealize Automationi is a management platform for automating the delivery of container-based applications.
  • VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
  • vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
    Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read more... Cyber Security Advisories - MS-ISAC