VMware Workspace ONE Access VMSA-2022-0011 exploit chain

This module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication...

VMware Workspace ONE Remote Code Execution Exploit

This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the...

SRC-2022-0010 : VMware Workspace ONE Access DBConnectionCheckController Cross-Site Request Forgery Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...

SRC-2022-0009 : VMware Workspace ONE Access DBConnectionCheckController dbCheck JDBC Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...