This module combines two vulnerabilities in order achieve remote code execution in the context of the `horizon` user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication mechanism and execute any operation. The second vulnerability CVE-2022-22957 is a JDBC injection RCE specifically in the DBConnectionCheckController class’s dbCheck method which allows an attacker to deserialize arbitrary Java objects which can allow remote code execution.Read More
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
