CVE-2022-22957

Published: 13/04/2022 Updated: 19/04/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 690

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware cloud foundation
vmware identity manager 3.3.3
vmware identity manager 3.3.4
vmware identity manager 3.3.5
vmware identity manager 3.3.6
vmware vrealize automation
vmware vrealize automation 7.6
vmware vrealize suite lifecycle manager
vmware workspace one access 20.10.0.0
vmware workspace one access 20.10.0.1
vmware workspace one access 21.08.0.0
vmware workspace one access 21.08.0.1

This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication mechanism and execute any operation The ...

This module combines two vulnerabilities in order achieve remote code execution in the context of the `horizon` user The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication mechanism and execute ...

This module combines two vulnerabilities in order achieve remote code execution in the context of the `horizon` user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication mechanism and execute any operation. The second vulnerability CVE-2022-22957 is a JDBC injection RCE specifically in the DBConnectionCheckController class's dbCheck method which allows an attacker to deserialize arbitrary Java objects which can allow remote code execution.

msf > use exploit/linux/http/vmware_workspace_one_access_vmsa_2022_0011_chain
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > show targets
    ...targets...
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > set TARGET < target-id >
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > show options
    ...show and set options...
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > exploit

CWE-502 https://www.vmware.com/security/advisories/VMSA-2022-0011.html http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html https://www.rapid7.com/db/modules/exploit/linux/http/vmware_workspace_one_access_vmsa_2022_0011_chain/

CVE-2022-22957

Vulnerability Summary

Vulnerability Trend

Exploits

Metasploit Modules

References

Vulmon Search

About

Products

Connect