CVE-2022-22957

HIGH EXPLOITED

VMware Cloud Foundation < 5.0 - Insecure Deserialization

Title source: rule

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.

Scores

CVSS v3 7.2
EPSS 0.4004
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2025-09-03

Classification

CWE
CWE-502
Status published

Affected Products (12)

vmware/cloud_foundation < 5.0
vmware/identity_manager
vmware/identity_manager
vmware/identity_manager
vmware/identity_manager
vmware/vrealize_automation < 9.0
vmware/vrealize_automation
vmware/vrealize_suite_lifecycle_manager < 9.0
vmware/workspace_one_access
vmware/workspace_one_access
vmware/workspace_one_access
vmware/workspace_one_access

Timeline

Published Apr 13, 2022
Tracked Since Feb 18, 2026