6 matches found
VMware Workspace ONE Access - Authentication Bypass
VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. id: CVE-2022-22956...
EUVD-2022-28078
Malicious code in bioql PyPI...
Metasploit Weekly Wrap-Up
VMware Workspace ONE Access exploit chain A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. First being CVE-2022-22956, which is an authentication bypass and the second being a JDBC injection in...
Mware Workspace ONE Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access VMSA-2022-0011 exploit chain', 'Description' = %q This module combines two vulnerabilities in order achieve remote co...
CVE-2022-22955
CVE-2022-22955 and CVE-2022-22956 affect VMware Workspace ONE Access via the OAuth2 ACS framework. The issues are authentication bypass vulnerabilities that allow a remote attacker to bypass authentication and perform operations due to exposed endpoints. Technical context in connected docs confir...
CVE-2022-22956
CVE-2022-22956 affects VMware Workspace ONE Access. The vulnerability is an authentication bypass in the OAuth2 ACS/OAuth2TokenResourceController layer, created by exposed endpoints that let a remote attacker bypass authentication and perform operations. It is part of a duo with CVE-2022-22955. T...