Patch Authentication Bypass Vulnerability in VMware Workspace ONE Access (CVE-2022-31656)

Brenda Gratas September 13, 2022

If you're a VMware Workspace ONE Access user, it's essential to be aware of a critical security vulnerability recently discovered. CVE-2022-31656 is an authentication bypass issue that can allow attackers to gain unauthorized access to your system. 

In this blog post, we’ll provide an in-depth overview of the CVE-2022-31656 vulnerability, including what it is, its risks, and how to use InvGate Insight to simplify Patch Management.

So, if you're concerned about the CVE-2022-31656 vulnerability and want to ensure that your systems are secure, read on to learn more about it and how to protect yourself.

About CVE-2022-31656

CVE-2022-31656 is a critical vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerability allows an attacker with network access to the UI to obtain administrative access without the need to authenticate.

The vulnerability is caused by a flaw in how VMware Workspace ONE Access, Identity Manager, and vRealize Automation handle user authentication. The flaw allows an attacker to bypass the authentication process and gain access to the UI as an administrator, even if they do not have the correct credentials.

What are the risks of not patching it?

If this vulnerability is not patched, an attacker could gain administrative access to VMware Workspace ONE Access, Identity Manager, or vRealize Automation. This access would allow the attacker to, among other things:

  • View and modify user data.
  • Terminate user sessions.
  • Disable user accounts.
  • Deploy new applications.
  • Make changes to the system configuration.

Is the vulnerability fixed?

Yes, VMware has released patches for CVE-2022-31656. The latest versions of VMware Workspace ONE Access, Identity Manager, and vRealize Automation that include the patch are:

  • VMware Workspace ONE Access 21.08.0.1
  • VMware Identity Manager 3.3.6
  • vRealize Automation 7.6

VMware recommends that all users of affected versions apply the patch as soon as possible to mitigate the risks posed by this vulnerability.

How to find devices exposed to CVE-2022-31656

You can use InvGate Insight to find devices that are exposed to the CVE-2022-31656 vulnerability. To do so, follow these steps:

  1. Open InvGate Insight and go to the Explorer tab.
  2. Type in the Search bar “Software name, is:VMware Workspace ONE Access” (or VMware Identity Manager, or vRealize Automation) to filter all the devices with this software.
  3. Add another filter to the Search bar to see all devices missing the security patch: “Reported version, is not:” followed by VMware’s patched version (21.08.0.1 for VMware Workspace ONE Access, 3.3.6 for VMware Identity Manager, 7.6 for vRealize Automation).
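
The same filter logic applied offline to an inventory export, as an added example that is not InvGate's or VMware's code. The CSV columns and sample rows are constructed assumptions; the patched versions are the ones listed in this article. Unlike a plain “is not” match, it separates versions older than the patched one from blank or newer values that need a manual check.

```python
import csv
import io

# Patched versions as listed in this article.
PATCHED = {
    "VMware Workspace ONE Access": "21.08.0.1",
    "VMware Identity Manager": "3.3.6",
    "vRealize Automation": "7.6",
}

# Constructed sample export; column names and rows are assumptions.
SAMPLE_CSV = """device,software_name,reported_version
idp-01,VMware Workspace ONE Access,21.08.0.1
idp-02,VMware Workspace ONE Access,21.08.0.0
idp-03,VMware Workspace ONE Access,99.0.0.0
idm-01,VMware Identity Manager,3.3.5
idm-02,VMware Identity Manager, 3.3.6
vra-01,vRealize Automation,7.6
vra-02,vRealize Automation,
web-01,nginx,1.22.0
"""

def version_key(text):
    """'21.08.0.1' -> (21, 8, 0, 1); None if not purely dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(software, reported):
    """Return 'n/a', 'patched', 'exposed' or 'review' for one inventory row."""
    baseline = PATCHED.get(software.strip())
    if baseline is None:
        return "n/a"  # not one of the affected products
    got, want = version_key(reported), version_key(baseline)
    if got is None:
        return "review"  # blank or non-numeric version: check by hand
    if got == want:
        return "patched"
    # Assumption: older than the listed version means the fix is missing;
    # anything newer is not covered by this article, so flag it for review.
    return "exposed" if got < want else "review"

def triage(csv_text):
    """Map device -> status for rows that run an affected product."""
    rows = csv.DictReader(io.StringIO(csv_text))
    result = {r["device"]: classify(r["software_name"], r["reported_version"])
              for r in rows}
    return {dev: status for dev, status in result.items() if status != "n/a"}
```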


The bottom line

CVE-2022-31656 is a critical security vulnerability that can put your systems and data at risk. By exploiting an authentication bypass flaw in VMware Workspace ONE Access, Identity Manager, and vRealize Automation, attackers can gain unauthorized access to sensitive information, potentially causing widespread damage.

However, with the latest software patch from VMware, organizations can ensure their systems are secure and protected. To simplify this task, you can count on InvGate Insight. With its capabilities, you can search for devices on your network and deploy patches in minutes, ensuring your systems are always up-to-date and secure. 

Don't wait until it's too late – take action today to protect your business and data. Sign up for our 30-day free trial today!
