QID 376521
Date Published: 2022-04-08
QID 376521: VMware Identity Manager (vIDM) and Workspace ONE Access Multiple Vulnerabilities (VMSA-2022-0011)
VMware released VMSA-2022-0011, a critical advisory addressing security vulnerabilities found and resolved in VMware Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products.
Affected Versions:
VMware Workspace ONE Access (Access) versions 21.08.0.1, 21.08.0.0, 21.10.0.1, and 21.10.0.0
VMware Identity Manager (vIDM) versions 3.3.6, 3.3.5, 3.3.4, and 3.3.3
QID Detection Logic (Authenticated):
This QID checks the build version on the target to detect vulnerable versions of VMware Identity Manager and VMware Workspace ONE Access.
Successful exploitation of these vulnerabilities could lead to:
- A malicious actor with network access can trigger a server-side template injection that may result in remote code execution in VMware Workspace ONE Access and Identity Manager.
- A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework in VMware Workspace ONE Access.
- A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution in VMware Workspace ONE Access, Identity Manager and vRealize Automation.
- A malicious actor can trick a user through a cross-site request forgery into unintentionally validating a malicious JDBC URI in VMware Workspace ONE Access, Identity Manager and vRealize Automation.
- A malicious actor with local access can escalate privileges to 'root' in VMware Workspace ONE Access, Identity Manager and vRealize Automation.
- A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims in VMware Workspace ONE Access, Identity Manager and vRealize Automation.
Refer to VMware advisory VMSA-2022-0011 and VMware KB 88099 for more information.
Workaround:
Refer to VMware KB 88098 for more information.
- VMSA-2022-0011: www.vmware.com/security/advisories/VMSA-2022-0011.html
CVEs related to QID 376521
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| VMSA-2022-0011 | | | |