VMware Workspace ONE Access validateClaimRuleCondition Remote OS Command Injection Exploit

This module exploits a custom java bean validator to deploy an agent in VMware Workspace ONE Access. The vulnerability is in the validateClaimRuleCondition function of ClaimTransformationHelper class. The deployed agent will run with horizon user privileges.
CVE Link
CVE-2022-31700
Exploit Platform
Linux
Exploit Type
Exploits
OS Command Injection
Known Vulnerabilities
Product Name
Impact