JDBC injection remote code execution vulnerability in vIDM - CVE-2022-22958 (rpm)ID: oval:org.secpod.oval:def:78709 | Date: (C)2022-04-12 (M)2023-08-16 |
Class: VULNERABILITY | Family: unix |
The host is installed with vIDM 3.3.3 through build 17121420, vIDM 3.3.4 through build 17498518, vIDM 3.3.5 through build 18049997 or vIDM 3.3.6 through build 19203469 is prone to a JDBC injection remote code execution vulnerability. A flaw is present in the application, which fails to handle an issue in processing malicious JDBC URI. Successful exploitation allows attackers with administrative access to trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Product: |
VMWare Identity Manager |