Impact of VMware Vulnerabilities on Pharos Products - May 2022

Pharos is NOT impacted by the following VMware vulnerabilities:

  • CVE-2022-22954: A remote code execution vulnerability that could enable a malicious actor with network access to trigger a server-side template injection, which may result in remote code execution

  • CVE-2022-22960: A privilege escalation flaw that could enable a malicious actor with root access to wipe logs, escalate permissions and move laterally to other systems

  • CVE-2022-22972: An authentication bypass vulnerability that could allow a malicious actor with network access to the UI to obtain administrative access without the need to authenticate

  • CVE-2022-22973: A local privilege escalation vulnerability that could allow a malicious actor with local access to escalate privileges to ‘root’

Pharos solutions do NOT use any of the vulnerable VMware products:

  • VMware Workspace ONE Access (Access)

  • VMware Identity Manager (vIDM)

  • VMware vRealize Automation (vRA)

  • VMware Cloud Foundation

  • vRealize Suite Lifecycle Manager