all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Metasploit Weekly Wrap-Up

Add to bookmarks
April 21, 2023, 6:02 p.m. | Dean Welch

Rapid7 Blog blog.rapid7.com

VMware Workspace ONE Access exploit chain


A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user.

First being CVE-2022-22956, which is an authentication bypass and the second being a JDBC injection in the form of CVE-2022-22957 ultimately

access authentication authentication bypass bypass code code execution cve exploit exploits horizon injection jdbc metasploit metasploit weekly wrapup one access remote code remote code execution vmware vmware workspace vmware workspace one vmware workspace one access vulnerabilities weekly workspace workspace one access wrap-up

Visit resource

More from blog.rapid7.com / Rapid7 Blog

Take Command Summit: Take Breaches from Inevitable to Preventable on May 21 23 hours ago | blog.rapid7.com
attack aws breaches command +14
Metasploit Weekly Wrap-Up 04/19/24 3 days, 18 hours ago | blog.rapid7.com
crushftp emergent threat response exploit framework +11
Enforce and Report on PCI DSS v4 Compliance with Rapid7 6 days ago | blog.rapid7.com
adoption compliance council data +21
Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization 6 days, 20 hours ago | blog.rapid7.com
authorization authorization management cloud cloud security +17
Start with threat modelling and let gamers game 1 week, 3 days ago | blog.rapid7.com
availability cloud demand game +20
Metasploit Weekly Wrap-Up 04/12/24 1 week, 3 days ago | blog.rapid7.com
account account takeover active directory authentication +16
CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls 1 week, 4 days ago | blog.rapid7.com
advisory alto april arbitrary code +25
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader 1 week, 6 days ago | blog.rapid7.com
analysis application blog bot +17
Patch Tuesday - April 2024 1 week, 6 days ago | blog.rapid7.com
april critical cwe defender +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Penetration Tester

@ Resillion | Bengaluru, India
View on infosec-jobs.com

Senior Backend Software Engineer (Java) - Privacy Engineering (Open to remote across ANZ)

@ Canva | Sydney, Australia
View on infosec-jobs.com

(Senior) Information Security Professional (w/m/d)

@ IONOS | Deutschland - Remote
View on infosec-jobs.com

Information Security (Incident Response) Intern

@ Eurofins | Katowice, Poland
View on infosec-jobs.com

Game Penetration Tester

@ Magic Media | Belgrade, Vojvodina, Serbia - Remote
View on infosec-jobs.com
View more jobs