Lucene search
VmwareCVELIST:CVE-2022-22957HistoryApr 13, 2022 - 12:00 a.m.
CVE-2022-22957
2022-04-1300:00:00
vmware
www.cve.org
7
vmware
workspace one access
identity manager
vrealize automation
remote code execution
deserialization
malicious actor
administrative access
jdbc uri
untrusted data
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CNA Affected
[
{
"vendor": "n/a",
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
"versions": [
{
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
CVE-2022-22958
2022-04-13 17:05:58
nvd
nvd
CVE-2022-22958
2022-04-13 18:15:13
CVE-2022-22957
2022-04-13 18:15:13
prion
prion
Deserialization of untrusted data
2022-04-13 18:15:00
Deserialization of untrusted data
2022-04-13 18:15:00
cve
cve
CVE-2022-22958
2022-04-13 18:15:13
CVE-2022-22957
2022-04-13 18:15:13
srcincite
srcincite
SRC-2022-0008 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability
2022-02-25 00:00:00
thn
thn
vmware
vmware
nessus
nessus
zdt
zdt
VMware Workspace ONE Remote Code Execution Exploit
2023-04-18 00:00:00
metasploit
metasploit
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
2023-04-06 03:10:34
packetstorm
packetstorm
Mware Workspace ONE Remote Code Execution
2023-04-18 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-04-21 18:02:40
hivepro
hivepro
Weekly Threat Digest: 11 – 17 April 2022
2022-04-21 04:59:07