CVE-2022-22958
Description
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a remote code execution vulnerability via deserialization of untrusted data through a malicious JDBC URI.
Vulnerability
VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a remote code execution vulnerability (CVE-2022-22958) caused by deserialization of untrusted data. A malicious actor with administrative access can supply a crafted JDBC URI that triggers unsafe deserialization, leading to remote code execution. The vulnerability affects versions prior to the fixed versions listed in the VMware advisory VMSA-2022-0011 [1].
Exploitation
Exploitation requires the attacker to have administrative access to the affected product. With this access, the attacker can modify a JDBC connection URI to include serialized malicious data. When the system deserializes this data, it executes arbitrary code. No user interaction is needed beyond the attacker's administrative privileges [1].
Impact
Successful exploitation allows the attacker to achieve remote code execution on the target system. This results in complete compromise of confidentiality, integrity, and availability, as the attacker can execute arbitrary commands with the privileges of the affected service [1].
Mitigation
VMware has released patches to remediate this vulnerability. The fixed versions are detailed in the resolution matrix of VMSA-2022-0011 [1]. If patching is not immediately possible, workarounds may be available; refer to VMware Knowledge Base articles referenced in the advisory. No evidence of exploitation in the wild (KEV) has been noted in available references [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4 entries, including:
- VMware/Workspace ONE Access
References
[1] www.vmware.com/security/advisories/VMSA-2022-0011.html (mitre, x_refsource_MISC)