Intel Name: Potential cve-2022-22954 exploitation attempt – vmware workspace one access remote code execution
Date of Scan: September 30, 2024
Impact: Medium
Summary: Identifies a possible exploitation attempt of CVE-2022-22954, a remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager. According to Morphisec, during the attack, threat actors utilized PowerShell commands that ran as child processes of the legitimate Tomcat “prunsrv.exe” application.