Severity
High
Analysis Summary
CVE-2022-22954 CVSS:9.8
A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVE-2022-22955; CVE-2022-22956 CVSS:9.8
A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVE-2022-22957; CVE-2022-22958 CVSS:9.1
A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.
CVE-2022-22959 CVSS:8.8
A malicious actor can trick a user through a cross-site request forgery to unintentionally validate a malicious JDBC URI.
CVE-2022-22960 CVSS:7.8
A malicious actor with local access can escalate privileges to ‘root’.
CVE-2022-22961 CVSS:5.3
A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting of victims.
Impact
- Security Bypass
- Remote Code Execution
- Cross-Site Scripting
- Privilege Escalation
- Information Disclosure
Indicator Of Compromise
CVE
- CVE-2022-22954
- CVE-2022-22955
- CVE-2022-22956
- CVE-2022-22957
- CVE-2022-22958
- CVE-2022-22959
- CVE-2022-22960
- CVE-2022-22961
Affected Vendors
VMware
Affected Products
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
Remediation
Refer to the VMware Security Advisory for patch, upgrade, or suggested workaround information.