CVE-2022-22957
Description
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a remote code execution vulnerability: an attacker with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI.
Vulnerability
CVE-2022-22957 is a remote code execution vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation (also affecting VMware Cloud Foundation and vRealize Suite Lifecycle Manager). The vulnerability arises from deserialization of untrusted data through a malicious JDBC URI. A malicious actor with administrative access can exploit this to achieve remote code execution [1].
Exploitation
To exploit the vulnerability, an attacker must have administrative access to the targeted system. The attacker crafts a malicious JDBC URI that triggers deserialization of attacker-controlled data. Beyond the attacker's own administrative credentials, no user interaction is required [1].
Impact
Successful exploitation results in remote code execution with the privileges of the application server, leading to full compromise of the confidentiality, integrity, and availability of the affected system [1].
Mitigation
VMware has released patches to address this vulnerability. Customers should apply the updates listed in VMSA-2022-0011.2 for the affected products. No workaround is documented; patching is the only mitigation [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- VMware/Workspace ONE Access
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.