漏洞描述
远程命令执行漏洞是指攻击者通过构造特定的请求,使得服务器端执行非预期的命令,从而可能导致未授权的数据访问、权限提升、服务中断等严重后果。这种漏洞通常由于应用程序对用户输入的验证不充分或者对外部命令调用缺乏必要的安全控制而产生。
VMware Horizon 存在 Log4j 远程命令执行漏洞
PoC代码
暂无相关漏洞推荐
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2021-45046-DAST: Apache Log4j2 - Remote Code Injection
- POC CVE-2021-21972: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-21973: VMware vSphere - Server-Side Request Forgery
- POC CVE-2021-21978: VMware View Planner <4.6 SP1- Remote Code Execution
- POC CVE-2021-21985: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC CVE-2021-44228: Apache Log4j2 Remote Code Injection
- POC CVE-2021-45046: Apache Log4j2 - Remote Code Injection
- POC CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2022-31656: VMware - Local File Inclusion
- POC CVE-2023-20864: VMware Aria Operations for Logs - Unauthenticated Remote Code Execution