Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:51 p.m.15 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'...

7.8CVSS7.3AI score0.37171EPSS
Exploits8References1
Rapid7 Blog
Rapid7 Blog
added 2023/04/21 6:2 p.m.108 views

Metasploit Weekly Wrap-Up

VMware Workspace ONE Access exploit chain A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. First being CVE-2022-22956, which is an authentication bypass and the second being a JDBC injection in...

7.5CVSS10.3AI score0.99637EPSS
Exploits36
Metasploit
Metasploit
added 2023/04/19 7:43 p.m.226 views

VMware Workspace ONE Access CVE-2022-22960

This module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. Module Options msf use...

7.8CVSS8.6AI score0.37171EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/04/19 12:0 a.m.326 views

VMware Workspace ONE Access Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...

7.8CVSS8.7AI score0.37171EPSS
Exploits8
0day.today
0day.today
added 2023/04/19 12:0 a.m.306 views

VMware Workspace ONE Access Privilege Escalation Exploit

This Metasploit module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. This module requires...

7.8CVSS8.5AI score0.37171EPSS
Exploits8
hivepro
hivepro
added 2022/05/19 2:34 p.m.71 views

Vulnerabilities in VMware when chained together grants Full System Control

Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency CISA has issued a warning to organizations about malicious actors using CVE-2022-22954 and CVE-2022-22960. This alert was published following the...

10CVSS1.2AI score0.99997EPSS
Exploits34
Malwarebytes
Malwarebytes
added 2022/05/19 12:42 p.m.139 views

VMWare vulnerabilities are actively being exploited, CISA warns

The Cybersecurity & Infrastructure Security Agency has issued an Emergency Directive ED 22-03 and released a Cybersecurity Advisory CSA about ongoing, and expected exploitation of multiple vulnerabilities in several VMware products. Chaining unpatched VMware vulnerabilities The title of the...

10CVSS10AI score0.99997EPSS
Exploits34
ThreatPost
ThreatPost
added 2022/05/18 1:54 p.m.161 views

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and...

10CVSS10AI score0.99999EPSS
Exploits385References7
Circl
Circl
added 2022/05/01 9:40 p.m.10 views

CVE-2022-22960

creationtimestamp| type| source ---|---|--- 2022-05-01 21:40:40+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2076 2022-06-01 19:38:01+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2356 2022-06-02 11:01:01+00:00| published-proof-of-concept|...

7.8CVSS7.4AI score0.37171EPSS
Exploits8References10
hivepro
hivepro
added 2022/04/18 1:6 p.m.137 views

Two actively exploited vulnerabilities affect multiple VMware products

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Multiple vulnerabilities have been discovered in VMware products. Two of these have been exploited in the wild. The first zero-day vulnerability, CVE-2022-22954, is a server-side template injection flaw. An attacker could...

10CVSS1.4AI score0.99997EPSS
Exploits32
Cvelist
Cvelist
added 2022/04/13 12:0 a.m.34 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'...

8.9AI score0.37171EPSS
Exploits8References4
CVE
CVE
added 2022/04/13 12:0 a.m.1212 views

CVE-2022-22960

CVE-2022-22960 is a VMware privilege-escalation vulnerability in Workspace ONE Access, Identity Manager, and vRealize Automation caused by improper permissions in support scripts. A local attacker can escalate to root on affected systems. Technical details indicate affected products include VMwar...

7.8CVSS8.7AI score0.37171EPSS
In wildExploits8References5Affected Software5
Rows per page
Query Builder