Remote Code Execution Vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation through Malicious JDBC URI Deserialization

Remote Code Execution Vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation through Malicious JDBC URI Deserialization

CVE-2022-22957 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

Learn more about our Cis Benchmark Audit For Google Workspace.