漏洞描述
VMware Workspace ONE Access(以前称为VMware IdentityManager)旨在通过多因素身份验证、条件访问和单点登录,让您的员工更快地访问SaaS、Web和本机移动应用程序。该程序未经身份验证的攻击者可以利用此漏洞进行远程任意代码执行。ip靶机没有回显,去解析一个自己的域名上去就可以利用.
VMware Workspace ONE Access命令执行(CVE-2022-22954)
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-22054: VMWare Workspace ONE UEM - Server-Side Request Forgery
- POC CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2022-22954: VMware Workspace ONE Access SSTI
- POC CVE-2022-22956: VMware Workspace ONE Access - Authentication Bypass
- VMware Workspace ONE Access 身份认证绕过漏洞(CVE-2022-22972)
- VMware Workspace ONE Access CVE-2022-22957 代码执行漏洞
- VMware Workspace ONE Access CVE-2022-22956 认证绕过漏洞
- VMware Workspace ONE Access CVE-2022-22955 认证绕过漏洞
- VMware Workspace ONE Access身份验证绕过漏洞
- VMware Workspace ONE Access CVE-2022-22960 权限提升漏洞
- VMware Workspace ONE Access CVE-2022-22954远程代码执行漏洞
- VMWare Workspace One UEM BlobHandler.ashx Url SSRF漏洞