Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656

VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The flaw was discovered by security researcher Petrus Viet from VNG Security, […]

VMware Fusion Pwn2Own Berlin 2025

VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products.

VMware warns its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The flaw was discovered by security researcher Petrus Viet from VNG Security, who today released the proof-of-concept (PoC) exploit code for the flaws and provided technical details about the flaw.

Last week, the virtualization giant addressed the CVE-2022-31656 flaw, which impacts local domain users in multiple products. An unauthenticated attacker can exploit the vulnerability to gain admin privileges.

“A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.” reads the advisory published by the virtualization giant.

The flaw affects Workspace ONE Access, Identity Manager, and vRealize Automation products.

The vulnerability has been rated as critical and received a CVSS v3 base score of 9.8.

Today, VMware reported the availability of PoC exploits for CVE-2022-31656 and CVE-2022-31659.

“Updated advisory with information that VMware has confirmed malicious code that can exploit CVE-2022-31656 and CVE-2022-31659 in impacted products is publicly available.” reads an update to the advisory published by the company.

The good news is that the vendor is not aware of attacks exploiting the vulnerabilities in attacks in the wild.

“VMware is not aware of exploitation of these vulnerabilities at the time of this publication.” reads an advisory published by the company.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2022-31656)

[adrotate banner=”5″]

[adrotate banner=”13″]