VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://www.tenable.com/blog/vmware-patches-multiple-vulnerabilities-in-workspace-one-vmsa-2022-0011
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html
http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html