Lucene search
K

6 matches found

Nuclei
Nuclei
added 2 days ago23 views

VMware Workspace ONE Access - Authentication Bypass

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. id: CVE-2022-22956...

9.8CVSS7.2AI score0.50694EPSS
Exploits5References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-28078

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.08087EPSS
Exploits5References1
Rapid7 Blog
Rapid7 Blog
added 2023/04/21 6:2 p.m.108 views

Metasploit Weekly Wrap-Up

VMware Workspace ONE Access exploit chain A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. First being CVE-2022-22956, which is an authentication bypass and the second being a JDBC injection in...

7.5CVSS10.3AI score0.99637EPSS
Exploits36
Packet Storm
Packet Storm
added 2023/04/18 12:0 a.m.405 views

Mware Workspace ONE Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access VMSA-2022-0011 exploit chain', 'Description' = %q This module combines two vulnerabilities in order achieve remote co...

9.8CVSS8.4AI score0.50694EPSS
Exploits13
CVE
CVE
added 2022/04/13 5:5 p.m.308 views

CVE-2022-22955

CVE-2022-22955 and CVE-2022-22956 affect VMware Workspace ONE Access via the OAuth2 ACS framework. The issues are authentication bypass vulnerabilities that allow a remote attacker to bypass authentication and perform operations due to exposed endpoints. Technical context in connected docs confir...

9.8CVSS9.7AI score0.50694EPSS
In wildExploits5References1Affected Software3
CVE
CVE
added 2022/04/13 12:0 a.m.229 views

CVE-2022-22956

CVE-2022-22956 affects VMware Workspace ONE Access. The vulnerability is an authentication bypass in the OAuth2 ACS/OAuth2TokenResourceController layer, created by exposed endpoints that let a remote attacker bypass authentication and perform operations. It is part of a duo with CVE-2022-22955. T...

9.8CVSS9.7AI score0.50694EPSS
In wildExploits5References3Affected Software3
Rows per page
Query Builder