KB-2216 Information about the VMware security vulnerability (CVE-2022-22972 & CVE-2022-22973)

Elly Meng — Tue, 01 Nov 2022 20:59:01 GMT

Current Revision posted to Appian Knowledge Base by Elly Meng on 11/1/2022 8:59:01 PM

On 18-May-2022 an announcement was made regarding the VMware security vulnerability (CVE-2022-22972, CVE-2022-22973). Following the announcement, Appian investigated and confirmed that none of the VMware Impacted Products are in use by Appian.

VMware Impacted Products:

VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

Additional Notes:

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
The CSA, AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, provides indicators of compromise and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to any active exploitation of CVE-2022-22954 and CVE-2022-22960. Malicious cyber actors were able to reverse-engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022.

Supporting Documentation:

Timeline:

18-May-2022 - CVE-2022-22972, CVE-2022-22973 released
20-May-2022 - Appian confirmed that its product does not contain any instances of the impacted VMware products

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: May 20, 2022

Tags: Security

KB-2216 Information about the VMware security vulnerability (CVE-2022-22972, CVE-2022-22973)

Elly Meng — Fri, 20 May 2022 17:17:22 GMT

Revision 3 posted to Appian Knowledge Base by Elly Meng on 5/20/2022 5:17:22 PM

VMware Impacted Products:

VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

Additional Notes:

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
The CSA, AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, provides indicators of compromise and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to any active exploitation of CVE-2022-22954 and CVE-2022-22960. Malicious cyber actors were able to reverse-engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022.

Supporting Documentation:

Timeline:

18-May-2022 - CVE-2022-22972, CVE-2022-22973 released
20-May-2022 - Appian confirmed that its product does not contain any instances of the impacted VMware products

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: May 20, 2022

Tags: Security

[DRAFT SP-7719] Information about the VMware security vulnerability (CVE-2022-22972, CVE-2022-22973)

Elly Meng — Fri, 20 May 2022 16:59:32 GMT

Revision 2 posted to Appian Knowledge Base by Elly Meng on 5/20/2022 4:59:32 PM

VMware Impacted Products:

VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

Additional Notes:

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
The CSA, AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, provides indicators of compromise and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to any active exploitation of CVE-2022-22954 and CVE-2022-22960. Malicious cyber actors were able to reverse-engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022.

Supporting Documentation:

Timeline:

18-May-2022 - CVE-2022-22972, CVE-2022-22973 released
20-May-2022 - Appian confirmed that its product does not contain any instances of the impacted VMware products

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: May 20, 2022

Tags: Security

[DRAFT SP-7719] Information about the VMware security vulnerability (CVE-2022-22972, CVE-2022-22973)

Elly Meng — Fri, 20 May 2022 16:55:18 GMT

Revision 1 posted to Appian Knowledge Base by Elly Meng on 5/20/2022 4:55:18 PM

VMware Impacted Products:

VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

Additional Notes:

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
The CSA, AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, provides indicators of compromise and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to the active exploitation of CVE-2022-22954 and CVE-2022-22960. Malicious cyber actors were able to reverse engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022.

Supporting Documentation:

Timeline:

18-May-2022 - CVE-2022-22972, CVE-2022-22973 released
20-May-2022 - Appian confirmed that the product does not contain any instances of the impacted VMware products

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: May 20, 2022

Tags: Security