CVE-2022-22966 has been assigned a CVSS score of 9.1 out of a possible 10. The flaw was discovered and reported by VMware security researcher Jari Jääskelä, who received credit for the discovery.
According to VMware, a remote code execution vulnerability could be exploited to gain access to the server by an authenticated, high-privileged malicious actor with network access to the VMware Cloud Director tenant or provider.
Many well-known cloud providers use VMware Cloud Director, formerly known as vCloud Director, to operate and manage their cloud infrastructures and gain visibility into data centers across sites and geographies.
To put it another way, an attacker could exploit the flaw to gain control of a company's private clouds and steal sensitive data.
Versions 10.1.x, 10.2.x, and 10.3.x are affected, with fixes available in 10.1.4.1, 10.2.2.3, and 10.3.3. When upgrading to a recommended version is not an option, the company has also provided workarounds that can be followed.
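To check an inventory against the affected and fixed versions listed above, a short triage script helps. This is an added example, not VMware tooling. The hostnames are constructed, and it assumes the inventory records dotted release numbers (such as 10.2.2.3) with any build suffix already stripped.

```python
import re

# Fixed release per affected branch, as stated in the article.
FIXED = {(10, 1): (10, 1, 4, 1), (10, 2): (10, 2, 2, 3), (10, 3): (10, 3, 3)}

def parse_version(text):
    """Turn '10.2.2.3' into (10, 2, 2, 3); return None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        return None
    return tuple(int(part) for part in text.split("."))

def _pad(version, length):
    # Pad with zeros so 10.1.4 compares as 10.1.4.0 against 10.1.4.1.
    return version + (0,) * (length - len(version))

def triage(version_text):
    """Classify one Cloud Director release number for CVE-2022-22966."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The article only covers 10.1.x, 10.2.x and 10.3.x.
        return "branch-not-listed"
    width = max(len(version), len(fixed))
    if _pad(version, width) >= _pad(fixed, width):
        return "patched"
    return "vulnerable"

def triage_inventory(rows):
    """Map each (host, version) row to its triage status."""
    return {host: triage(version) for host, version in rows}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("vcd-a.example.internal", "10.1.4"),
    ("vcd-b.example.internal", "10.2.2.3"),
    ("vcd-c.example.internal", "10.3.2.1"),
    ("vcd-d.example.internal", "10.4.0"),
    ("vcd-e.example.internal", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `branch-not-listed` or `unparseable` need a manual check against the vendor advisory, since the article does not cover them.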
A day after an exploit for a previously fixed critical flaw in VMware Workspace ONE Access was discovered in the wild, the company issued a series of patches.
VMware Workspace ONE Access and Identity Manager have a remote code execution vulnerability due to server-side template injection (CVE-2022-22954).
In light of the fact that threat actors frequently target VMware products, this update serves as a reminder of the need for organizations to implement the necessary mitigations to prevent potential threats.