Incoming "spray and pray" attacks
https://www.bleepingcomputer.com/news/security/researchers-to-release-poc-exploit-for-critical-zoho-rce-bug-patch-now/
Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products.
Tracked as CVE-2022-47966, this pre-auth RCE security flaw is due to using an outdated and vulnerable third-party dependency, Apache Santuario.
Incoming "spray and pray" attacks
Jan 16, 2023, 11:17pm UTC
https://www.bleepingcomputer.com/news/security/researchers-to-release-poc-exploit-for-critical-zoho-rce-bug-patch-now/
> Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products.
> Tracked as CVE-2022-47966, this pre-auth RCE security flaw is due to using an outdated and vulnerable third-party dependency, Apache Santuario.