Description:
VMware has published a security advisory to address multiple vulnerabilities in VMware products. The list of security updates can be found at:
- https://www.vmware.com/security/advisories/VMSA-2022-0018.html
- https://www.vmware.com/security/advisories/VMSA-2022-0019.html
- https://www.vmware.com/security/advisories/VMSA-2022-0020.html
Affected Systems:
- VMware ESXi
- VMware Cloud Foundation
- VMware vCenter Server
- VMware vRealize Log Insight
Impact:
Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could lead to cross-site scripting, information disclosure or security restriction bypass on the affected system.
Recommendation:
Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.vmware.com/security/advisories/VMSA-2022-0018.html
- https://www.vmware.com/security/advisories/VMSA-2022-0019.html
- https://www.vmware.com/security/advisories/VMSA-2022-0020.html
- https://www.hkcert.org/security-bulletin/vmware-products-security-restriction-bypass-vulnerability_20220713
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22982
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23816
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28693
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31654
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31655