Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

Apr

ILTA Evolve

Apr

RSAC™ 2025 Conference

May

SIM Houston Women's Roundtable

May

Computing Cybersecurity Festival

May

CISO Strategy Virtual Meetings Seattle

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Partners

PARTNER PROGRAM

We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.

LEARN MORE →

Apply to become an e3 ecosystem partner with eSentire today.

APPLY NOW →

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

On August 2^nd, 2022, VMware disclosed a new critical vulnerability impacting multiple VMware products. The vulnerability, tracked as CVE-2022-31656 (CVSS: 9.8) is an authentication bypass vulnerability. A threat actor with previous network access may exploit CVE-2022-31656 in order to obtain administrative access without the need to authenticate. The vulnerability impacts VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

Exploitation of the CVE-2022-31656 has not been identified at this time. Proof-of-Concept (PoC) exploit code is expected to be released in the near future. The eSentire Threat Intelligence team asses with high confidence that the release of PoC code will result in real- world attacks.

What we’re doing about it

eSentire Managed Vulnerability Service (MVS) will add plugins for this vulnerability when they become available
eSentire security teams are tracking this vulnerability for additional details and detection opportunities

What you should do about it

After performing a business impact review, apply the relevant security patches released by VMware
If patching is not immediately possible, VMware has released alternative mitigations that should be applied until security patches are deployed

Additional information

CVE-2022-31656 is believed to be a patch bypass or variant of a previous easily exploitable authentication bypass vulnerability tracked as CVE-2022-22972. The researcher that discovered and reported CVE-2022-31656 to VMware has publicly stated that functional PoC exploit code and a technical write up on the vulnerability will be released soon. The availability of both PoC code and technical details significantly increases the likelihood of exploitation by threat actors in the wild.

In total, VMware addressed ten separate vulnerabilities in this disclosure. Other vulnerability types from the release include Remote Code Execution (RCE), Privilege Escalation, URL Injection, Path Traversal, and Cross-Site Scripting. CVE-2022-31656 is the most critical vulnerability from the release, but all vulnerabilities should be patched as soon as possible.

Impacted VMware Products:

Access - versions 21.08.0.0 and 21.08.0.1
vIDM - versions 3.3.4, 3.3.5 and 3.3.6
vRealize Automation (vIDM) - version 7.6
VMware Cloud Foundation (vIDM) - versions 4.3.x, 4.2.x and 4.4.x
vRealize Suite Lifecycle Manager (vIDM) - version 8.x
VMware Cloud Foundation (vRA) - version 3.x

References:

[1] https://www.vmware.com/security/advisories/VMSA-2022-0021.html
[2] https://kb.vmware.com/s/article/89084
[3] https://twitter.com/VietPetrus/status/1554485970514608128
[4] https://www.vmware.com/security/advisories/VMSA-2022-0014.html

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

Sock(et) Puppet: How RansomHub Affiliates Pull the Strings

Phish & Chips: Serving Up Tycoon 2FA’s Secrets

Cybersecurity Investments CISOs Should Make in 2025

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

CrushFTP Authentication Bypass

Critical Next.js Vulnerability (CVE-2025-29927)