5 matches found
Metasploit Weekly Wrap-Up
VMware Workspace ONE Access exploit chain A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. First being CVE-2022-22956, which is an authentication bypass and the second being a JDBC injection in...
Mware Workspace ONE Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access VMSA-2022-0011 exploit chain', 'Description' = %q This module combines two vulnerabilities in order achieve remote co...
Deserialization of untrusted data
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
CVE-2022-22957
Summary (CVE-2022-22957 / CVE-2022-22958): VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by remote code execution vulnerabilities. The root cause is deserialization of untrusted data via a malicious JDBC URI in the DBConnectionCheckController (CVE-2022-22957) ...
CVE-2022-22957
creationtimestamp| type| source ---|---|--- 2022-04-07 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=775 2022-05-01 21:40:40+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2076 2023-04-18 15:17:44+00:00| seen|...