3 matches found
Deserialization of untrusted data
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
CVE-2022-22958
CVE-2022-22958 is part of a pair of remote code execution vulnerabilities affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. Public details in the connected docs confirm two RCE vulnerabilities (CVE-2022-22957 and CVE-2022-22958) that can be triggered by an attacker ...
CVE-2022-22957
Summary (CVE-2022-22957 / CVE-2022-22958): VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by remote code execution vulnerabilities. The root cause is deserialization of untrusted data via a malicious JDBC URI in the DBConnectionCheckController (CVE-2022-22957) ...