VMSA-2022-0011 VMware Security Advisory

Merhaba, birden çok VMware ürününde kritiklik seviyesi CVSSv3 5.3-9.8 aralığında olan bu açıklardan etkilenenler;

VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

Çözüm için yayınlanan response matrixler aşağıdaki gibidir.

Response Matrix – Access 21.08.x:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
Access	21.08.0.1, 21.08.0.0	Linux	CVE-2022-22954	9.8	Critical	KB88099	KB88098	FAQ
Access	21.08.0.1, 21.08.0.0	Linux	CVE-2022-22955, CVE-2022-22956	9.8	Critical	KB88099	KB88098	FAQ
Access	21.08.0.1, 21.08.0.0	Linux	CVE-2022-22957, CVE-2022-22958	9.1	Critical	KB88099	KB88098	FAQ
Access	21.08.0.1, 21.08.0.0	Linux	CVE-2022-22959	8.8	Important	KB88099	KB88098	FAQ
Access	21.08.0.1, 21.08.0.0	Linux	CVE-2022-22960	7.8	Important	KB88099	KB88098	FAQ
Access	21.08.0.1, 21.08.0.0	Linux	CVE-2022-22961	5.3	Moderate	KB88099	None	FAQ

Tablo-1

Response Matrix – Access 20.10.x:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
Access	20.10.0.1, 20.10.0.0	Linux	CVE-2022-22954	9.8	Critical	KB88099	KB88098	FAQ
Access	20.10.0.1, 20.10.0.0	Linux	CVE-2022-22955, CVE-2022-22956	9.8	Critical	KB88099	KB88098	FAQ
Access	20.10.0.1, 20.10.0.0	Linux	CVE-2022-22957, CVE-2022-22958	9.1	Critical	KB88099	KB88098	FAQ
Access	20.10.0.1, 20.10.0.0	Linux	CVE-2022-22959	8.8	Important	KB88099	KB88098	FAQ
Access	20.10.0.1, 20.10.0.0	Linux	CVE-2022-22960	7.8	Important	KB88099	KB88098	FAQ
Access	20.10.0.1, 20.10.0.0	Linux	CVE-2022-22961	5.3	Moderate	KB88099	None	F

Tablo-2

Response Matrix – Identity Manager 3.3.x:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
vIDM	3.3.6, 3.3.5, 3.3.4, 3.3.3	Linux	CVE-2022-22954	9.8	Critical	KB88099	KB88098	FAQ
vIDM	3.3.6, 3.3.5, 3.3.4, 3.3.3	Linux	CVE-2022-22955, CVE-2022-22956	N/A	N/A	Unaffected	N/A	N/A
vIDM	3.3.6, 3.3.5, 3.3.4, 3.3.3	Linux	CVE-2022-22957, CVE-2022-22958	9.1	Critical	KB88099	KB88098	FAQ
vIDM	3.3.6, 3.3.5, 3.3.4, 3.3.3	Linux	CVE-2022-22959	8.8	Important	KB88099	KB88098	FAQ
vIDM	3.3.6, 3.3.5, 3.3.4, 3.3.3	Linux	CVE-2022-22960	7.8	Important	KB88099	KB88098	FAQ
vIDM	3.3.6, 3.3.5, 3.3.4, 3.3.3	Linux	CVE-2022-22961	5.3	Moderate	KB88099	None	FAQ

Tablo-3

Response Matrix – vRealize Automation (vIDM):

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
vRealize Automation [1]	8.x	Linux	CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961	N/A	N/A	Unaffected	N/A	N/A
vRealize Automation (vIDM)	7.6	Linux	CVE-2022-22954	N/A	N/A	Unaffected	N/A	N/A
vRealize Automation (vIDM)	7.6	Linux	CVE-2022-22955, CVE-2022-22956	N/A	N/A	Unaffected	N/A	N/A
vRealize Automation (vIDM) [2]	7.6	Linux	CVE-2022-22957, CVE-2022-22958	9.1	Critical	KB88099	KB88098	FAQ
vRealize Automation (vIDM) [2]	7.6	Linux	CVE-2022-22959	8.8	Important	KB88099	KB88098	FAQ
vRealize Automation (vIDM) [2]	7.6	Linux	CVE-2022-22960	7.8	Important	KB88099	KB88098	FAQ
vRealize Automation (vIDM)	7.6	Linux	CVE-2022-22961	N/A	N/A	Unaffected	N/A	N/A

Tablo-4

vRealize Automation 8.x i sürümleri etkilenmemekte olup vIDM eğer vRA 8.x, ile birlikte yüklendiyse sadece vIDM ‘e fix uygulanabilir.
[2] vRealize Automation 7.6 is eğer embedded vIDM ile kurulduysa bu açıklardan etkilenmektedir.

Impacted Product Suites that Deploy Response Matrix Components:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Cloud Foundation (vIDM)	4.3.x, 4.2.x, 4.1.x, 4.0.x	Any	CVE-2022-22954, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961	9.8, 9.1, 9.1, 8.8, 7.8, 5.3	Critical	KB88099	KB88098	FAQ
VMware Cloud Foundation (vRA)	3.x	Any	CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960	9.1, 9.1, 8.8, 7.8	Critical	KB88099	KB88098	FAQ
vRealize Suite Lifecycle Manager (vIDM)	8.x	Any	CVE-2022-22954, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961	9.8, 9.1, 9.1, 8.8, 7.8, 5.3	Critical	KB88099	KB88098	FAQ

Tablo-5

İyi fixlemeler 🙂 , ilgili security advisory sayfası için tıklayınız.

Post Views: 1.769

Related Posts

DELL’in VMware ESXi Custom ISO imaj dosyaları ve avantajları.

VMSA-2021-0002 vCenter&ESX-i Security

The provided manifest file is invalid:Invalid OVF checksum algorithm:SHA256