Security Advisory: Critical vulnerabilities in VMware

In early April VMware released patches for remote code execution and authentication bypass vulnerabilities against multiple VMWare products, including VMware Workspace ONE Access, VMWare identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. Per VMware’s adversaries with network access to these appliances could lead to exploitation. The Cybersecurity & Infrastructure Security Agency (CISA) has released an Alert stating that a “trusted third party” has identified this vulnerability as being exploited in the wild. Publicly available Proof-of-Concept exploits are appearing on Github generating an even greater sense of urgency to patch vulnerable versions. Learn more here: https://www.lacework.com/blog/security-advisory-critical-vulnerabilities-in-vmware/ ---------------------- Learn more about Lacework: Website: https://www.lacework.com/ LinkedIn: https://www.linkedin.com/company/lace... Twitter: https://twitter.com/Lacework Blog: https://www.lacework.com/blog/