VMware Family Security Update Advisory

Feb 29 2024

Overview

VMware has made available an update that addresses a vulnerability in a shipped product. users of affected versions are advised to update to the latest version.

Affected Products

CVE-2022-31700

VMware Workspace ONE Access versions 21.08.0.1, 21.08.0.0 (when running on Linux)
VMware Identity Manager version 3.3.6 (when running on Linux)
VMware Cloud Foundation 4.x version
vRealize Suite Automation Lifecycle Manager 9.x version

CVE-2022-31701

VMware Workspace ONE Access versions 22.09.0.0, 21.08.0.1, 21.08.0.0 (when running on Linux)
VMware Identity Manager version 3.3.6 (when running on Linux)
Version 4.x of VMware Cloud Foundation
version 9.x of vRealize Suite Automation Lifecycle Manager

Cve-2022-31707, cve-2022-31708

Version 8.10 of VMware vRealize Operations (vROps)
VMware vRealize Operations (vROps) Version 8.6.x

CVE-2023-20884

VMware Workspace ONE Access Appliance 22.09.0.0, 21.08.x version (when operating on Linux)
VMware Identity Manager Appliance version 3.3.6 (when running on Linux)
vRealize Suite Automation Lifecycle Manager (vRSLCM) 8.x
VMware Cloud Foundation (VCF) 4.x

CVE-2022-22983

VMware Workstation 16.x versions 16.2.4 or below (when operating on Windows)

CVE-2024-22235

VMware Aria Operations 8.x versions on or below 8.16
VMware Aria Operations 5.x versions before 8.16
VMware Aria Operations 4.x Versions

CVE-2023-20868

NSX-T 3.2.x versions on or below 3.2.3
Cloud Foundation (NSX-T) 4.5.x versions

CVE-2023-20899

VMware SD-WAN (Edge) 4.5.x versions on or below 4.5.2

CVE-2023-34064

VMware Workspace ONE Launcher 23.x versions on or below 23.11 (when running on Android)
VMware Workspace ONE Launcher version 22.x (when running on Android)

Cve-2023-34037, cve-2023-34038

VMware Horizon Server 2303, 2212, 2209, 2206, 2111.x, 2106, 2103, 2012, 2006 versions

CVE-2023-20857

Workspace ONE Content 23.02 or below (when running on Android)

CVE-2023-20856

VMware vRealize Operations (vROps) 8.6.x versions on or below 8.6 Hot Fix 9

CVE-2022-22982

vCenter Server versions 6.5, 6.7, and 7.0
Cloud Foundation (vCenter Server) 3.x, 4.x Versions

CVE-2023-34043

VMware Aria Operations 8.6 Hot Fix 11 or below 8.6.x versions
VMware Aria Operations 8.10.x Versions on or below 8.10 Hot Fix 9
VMware Aria Operations 8.12.x Versions on or below 8.12 Hot Fix 5
VMware Cloud Foundation (VMware Aria Operations) 4.x Versions
VMware Cloud Foundation (VMware Aria Operations) 5.x Versions

CVE-2024-22251

VMware Workstation Pro/Player 17.x versions prior to 17.5.1
VMware Fusion 13.x versions prior to 13.5.1 (when operating on OS X)

CVE-2023-20891

VMware Tanzu Application Service for VMs version 2.11.x
VMware Tanzu Application Service for VMs version 2.13.x
VMware Tanzu Application Service for VMs 3.0.x Version
VMware Tanzu Application Service for VMs 4.0.x version
Isolation Segment 2.11.x version
Isolation Segment 2.13.x version
Isolation Segment 3.0.x Version
Isolation Segment 4.0.x version

CVE-2022-31693

VMware Tools for Windows 12.x.y versions 12.1.5 or below (when running on Windows)
Versions of VMware Tools for Windows 11.x.y (when running on Windows)
Versions of VMware Tools for Windows 10.x.y (when running on Windows)

CVE-2022-22953

VMware HCX versions 4.3.1, 4.3.2

Resolved Vulnerabilities

Authenticated Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager (CVE-2022-31700)
Compromised authentication vulnerability in VMware Workspace ONE Access and Identity Manager (CVE-2022-31701)
Privilege Escalation Vulnerability in VMware vRealize Operations (vROps) (CVE-2022-31707)
Access Control Vulnerability in VMware vRealize Operations (vROps) (CVE-2022-31708)
Insecure Redirect Vulnerability in Workspace ONE Access and Identity Manager (CVE-2023-20884)
Unprotected Credential Storage Vulnerability in VMware Workstation (CVE-2022-22983)
Local privilege escalation vulnerability in VMware Aria Operations (CVE-2024-22235)
Reflected XSS Vulnerability in NSX-T (CVE-2023-20868)
Authentication Bypass Vulnerability in VMware SD-WAN (Edge) (CVE-2023-20899)
Privilege Escalation Vulnerability in VMware Workspace ONE Launcher (CVE-2023-34064)
HTTP request smuggling vulnerability in VMware Horizon Server (CVE-2023-34037)
Information Disclosure Vulnerability in VMware Horizon Server (CVE-2023-34038)
Password Bypass Vulnerability in VMware Workspace ONE Content (CVE-2023-20857)
CSRF Bypass Vulnerability in VMware vRealize Operations (vROps) (CVE-2023-20856)
Local Elevation of Privilege Vulnerability in Aria Operations (CVE-2023-34043)
USB CCID Out-of-Range Read Vulnerability in VMware Workstation and Fusion (CVE-2024-22251)
Information disclosure vulnerability due to logging of hexadecimal encoded credentials in system audit logs in VMware Tanzu Application Service for VMs and Isolation Segment (CVE-2023-20891)
sSRF Vulnerability in vCenter Server (CVE-2022-22982)
Denial of Service Vulnerability in VMware Tools for Windows (CVE-2022-31693)
Information Disclosure Vulnerability in VMware HCX (CVE-2022-22953)

Vulnerability Patches

vulnerability Patches have been made available in the latest updates. Please follow the Referenced Sites to update to the latest Vulnerability Patches version.

Cve-2022-31700, cve-2022-31701

VMware Workspace ONE Access version 22.09.1.0

Cve-2022-31707, cve-2022-31708

VMware vRealize Operations (vROps) Version 8.10.1

CVE-2023-20884

VMware Workspace ONE Access Appliance version 22.09.1.0
VMware Identity Manager Appliance version 3.3.7

CVE-2022-22983

VMware Workstation Version 16.2.4

CVE-2024-22235

VMware Aria Operations 8.16 Version

CVE-2023-20868

NSX-T 3.2.3 or below 3.2.3

CVE-2023-20899

VMware SD-WAN (Edge) version 4.5.2

CVE-2023-34064

VMware Workspace ONE Launcher version 23.11

Cve-2023-34037, cve-2023-34038

VMware Horizon Server versions 2306, 2212.1, 2209.1, 2111.2

CVE-2023-20857

Workspace ONE Content version 23.02 (when running on Android)

CVE-2023-20856

VMware vRealize Operations (vROps) 8.6 Hot Fix 9 Version

CVE-2022-22982

vCenter Server 7.0 U3f, 6.7 U3r , 6.5 U3t Versions
Cloud Foundation (vCenter Server) updated based on Referenced Sites [20] content

CVE-2023-34043

VMware Aria Operations 8.6 Hot Fix 11 Version
VMware Aria Operations 8.10 Hot Fix 9 version
VMware Aria Operations 8.12 Hot Fix 5 version
VMware Cloud Foundation (VMware Aria Operations) updates based on content in Referenced Sites [22].

CVE-2024-22251

VMware Workstation Pro / Player version 17.5.1
VMware Fusion Version 13.5.1

CVE-2023-20891

VMware Tanzu Application Service for VMs 2.11.42, 2.13.24, 3.0.14, 4.0.5 Versions
Isolation Segment 2.11.35, 2.13.20, 3.0.13, 4.0.4 Versions

CVE-2022-31693

VMware Tools for Windows 12.1.5 version

CVE-2022-22953

VMware HCX version 4.3.3

Referenced Sites

VMware Family Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Spring Framework Security Update Advisory (CVE-2024-22243)

Apache Solr Product Security Update Advisory (CVE-2023-50386)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Spring Framework Security Update Advisory (CVE-2024-22243)

Apache Solr Product Security Update Advisory (CVE-2023-50386)