.. / CVE-2022-22972

Exploit for VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass (CVE-2022-22972)

Description:

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Nuclei Template

View the template here CVE-2022-22972.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-22972.yaml

References:

https://github.com/djytmdj/Tool_Summary
https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive
https://www.vmware.com/security/advisories/VMSA-2022-0014.html
https://nvd.nist.gov/vuln/detail/CVE-2022-22972
https://github.com/horizon3ai/CVE-2022-22972

.. / CVE-2022-22972 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass (CVE-2022-22972)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-22972