VMware Auth Bypass Vulnerability: What You Need to Know

In a security advisory published Aug. 2, 2022, VMware urged administrators to review and patch a critical authentication bypass vulnerability that affects local domain users in multiple products.

Tell me more about this vulnerability

Tracked as CVE-2022-31656, the VMware vulnerability could allow a malicious actor with network access to the UI to obtain administrative access without needing to authenticate.

This new vulnerability joins a list of similar vulnerabilities revealed in May, tracked as CVE-2022-22955 and CVE-2022-22956.

Information on each of the included CVEs, links to patching information and available workarounds can be found in VMware’s security advisory. You can also access VMware’s support document that offers FAQs on this critical vulnerability.

How do I know if I’m vulnerable?

This vulnerability affects the following VMware products:

  • VMware Workspace ONE Access Appliance (Version 21.08.1)
  • VMware Workspace ONE Access Appliance (Version 21.08.0.0)
  • VMware Identity Manager Appliance & Connector (Version 3.3.6)
  • VMware Identity Manager Appliance & Connector (Version 3.3.5)
  • VMware Identity Manager Appliance & Connector (Version 3.3.4)
  • VMware Identity Manager Connector (Version 19.03.0.1)

Is Nuspire affected by this vulnerability?

Nuspire is not affected by the VMware auth bypass vulnerability.

What should I do?

Fortunately, patches have been released for this vulnerability, as well as a workaround for those who cannot patch immediately. It’s important to note that patching is the only way to fully address the vulnerability, so it’s advised to use the workaround solution only if absolutely necessary.

Additionally, patches were released for a high-level remote code execution (RCE) vulnerability being tracked as CVE-2022-31658. This threat does not have any workarounds and must be patched.

VMware users should review VMware’s security advisory containing all CVEs and apply applicable patches or workarounds as soon as possible in accordance with their documentation.