Rapid7 Vulnerability & Exploit Database

VMware Workspace ONE Access VMSA-2022-0011 exploit chain




This module combines two vulnerabilities in order to achieve remote code execution in the context of the `horizon` user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS that allows a remote, unauthenticated attacker to bypass the authentication mechanism and execute any operation. The second vulnerability, CVE-2022-22957, is a JDBC injection RCE in the dbCheck method of the DBConnectionCheckController class that allows an attacker to deserialize arbitrary Java objects, which can allow remote code execution.


Author(s)

  • mr_me
  • jheysel-r7




Architectures

cmd, x64


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/vmware_workspace_one_access_vmsa_2022_0011_chain
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > show targets
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > set TARGET < target-id >
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > show options
    ...show and set options...
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > exploit
