More VMware Workspace One Vulns
This is a fast publish
Vmware just released patches for two new vulnerabilities in Workspace One, followed by guidance from CISA to patch by May 23rd or remove the devices from the network/internet!
“All Federal Civilian Executive Branch agencies must complete the following actions:
By 5:00 PM EDT on Monday, May 23, 2022:
Enumerate all instances of impacted VMware products [VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager] on agency networks.
For all instances of impacted VMware products enumerated in the required action (1) above:
Deploy updates per VMware Security Advisory VMSA-2022-0014 available here https://www.vmware.com/security/advisories/VMSA-2022-0014.html
Remove from the agency network until update can be applied.
Where updates are not available due to products being unsupported by the vendor (e.g., end of service, end of life), unsupported products must be immediately removed from agency networks.”
List of CVEs of concern