The vulnerability, tracked as CVE-2022-22972, affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It allows a malicious actor who has network access to the UI to bypass authentication.

Shortly after VMware released patches, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors would “quickly develop a capability to exploit CVE-2022-22972,” as well as CVE-2022-22973, a privilege escalation fixed with the same round of patches.

Penetration testing company Horizon3.ai on Thursday published a technical deep dive for CVE-2022-22972 and made public a PoC exploit. VMware has updated its initial advisory to inform customers about the availability of a PoC, which further increases the chances of exploitation.