VMSA-2022-0011 VMware Security Advisory

Virtualization

Merhaba, birden çok VMware ürününde kritiklik seviyesi CVSSv3 5.3-9.8 aralığında olan bu açıklardan etkilenenler;

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

Çözüm için yayınlanan response matrixler aşağıdaki gibidir.

Response Matrix – Access 21.08.x:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
Access21.08.0.1, 21.08.0.0LinuxCVE-2022-229549.8Critical KB88099KB88098FAQ
Access21.08.0.1, 21.08.0.0LinuxCVE-2022-22955, CVE-2022-229569.8Critical KB88099KB88098FAQ
Access21.08.0.1, 21.08.0.0LinuxCVE-2022-22957, CVE-2022-229589.1Critical KB88099KB88098FAQ
Access21.08.0.1, 21.08.0.0LinuxCVE-2022-229598.8Important KB88099KB88098FAQ
Access21.08.0.1, 21.08.0.0LinuxCVE-2022-229607.8Important KB88099KB88098FAQ
Access21.08.0.1, 21.08.0.0LinuxCVE-2022-229615.3Moderate KB88099NoneFAQ
Tablo-1

Response Matrix – Access 20.10.x:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
Access20.10.0.1, 20.10.0.0LinuxCVE-2022-229549.8Critical KB88099KB88098FAQ
Access20.10.0.1, 20.10.0.0LinuxCVE-2022-22955, CVE-2022-229569.8Critical KB88099KB88098FAQ
Access20.10.0.1, 20.10.0.0LinuxCVE-2022-22957, CVE-2022-229589.1Critical KB88099KB88098FAQ
Access20.10.0.1, 20.10.0.0LinuxCVE-2022-229598.8Important KB88099KB88098FAQ
Access20.10.0.1, 20.10.0.0LinuxCVE-2022-229607.8Important KB88099KB88098FAQ
Access20.10.0.1, 20.10.0.0LinuxCVE-2022-229615.3Moderate KB88099NoneF
Tablo-2

Response Matrix – Identity Manager 3.3.x:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
vIDM3.3.6, 3.3.5, 3.3.4, 3.3.3LinuxCVE-2022-229549.8Critical KB88099KB88098FAQ
vIDM3.3.6, 3.3.5, 3.3.4, 3.3.3LinuxCVE-2022-22955, CVE-2022-22956N/AN/AUnaffectedN/AN/A
vIDM3.3.6, 3.3.5, 3.3.4, 3.3.3LinuxCVE-2022-22957, CVE-2022-229589.1Critical KB88099KB88098FAQ
vIDM3.3.6, 3.3.5, 3.3.4, 3.3.3LinuxCVE-2022-229598.8Important KB88099KB88098FAQ
vIDM3.3.6, 3.3.5, 3.3.4, 3.3.3LinuxCVE-2022-229607.8Important KB88099KB88098FAQ
vIDM3.3.6, 3.3.5, 3.3.4, 3.3.3LinuxCVE-2022-229615.3Moderate KB88099NoneFAQ
Tablo-3

Response Matrix – vRealize Automation (vIDM):

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
vRealize Automation [1]8.xLinuxCVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961N/AN/AUnaffectedN/AN/A
vRealize Automation (vIDM)7.6LinuxCVE-2022-22954N/AN/AUnaffectedN/AN/A
vRealize Automation (vIDM)7.6LinuxCVE-2022-22955, CVE-2022-22956N/AN/AUnaffectedN/AN/A
vRealize Automation (vIDM) [2]7.6LinuxCVE-2022-22957, CVE-2022-229589.1Critical KB88099KB88098FAQ
vRealize Automation (vIDM) [2]7.6LinuxCVE-2022-229598.8Important KB88099KB88098FAQ
vRealize Automation (vIDM) [2]7.6LinuxCVE-2022-229607.8Important KB88099KB88098FAQ
vRealize Automation (vIDM)7.6LinuxCVE-2022-22961N/AN/AUnaffectedN/AN/A
Tablo-4

vRealize Automation 8.x i sürümleri etkilenmemekte olup vIDM eğer vRA 8.x, ile birlikte yüklendiyse sadece vIDM ‘e fix uygulanabilir.
[2] vRealize Automation 7.6 is eğer embedded vIDM ile kurulduysa bu açıklardan etkilenmektedir.

Impacted Product Suites that Deploy Response Matrix Components:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Cloud Foundation (vIDM)4.3.x, 4.2.x, 4.1.x, 4.0.xAnyCVE-2022-22954, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-229619.8, 9.1, 9.1, 8.8, 7.8, 5.3Critical KB88099KB88098FAQ
VMware Cloud Foundation (vRA)3.xAnyCVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-229609.1, 9.1, 8.8, 7.8Critical KB88099KB88098FAQ
vRealize Suite Lifecycle Manager (vIDM)8.xAnyCVE-2022-22954, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-229619.8, 9.1, 9.1, 8.8, 7.8, 5.3Critical KB88099KB88098FAQ
Tablo-5

İyi fixlemeler 🙂 , ilgili security advisory sayfası için tıklayınız.

Bir cevap yazın

E-posta hesabınız yayımlanmayacak.