Later this week, proof-of-concept exploit code will be made available for a serious vulnerability in multiple VMware products that permits remote code execution (RCE) without authentication. This pre-auth RCE security hole, identified as CVE-2022-47966, is brought on by the usage of the insecure and out-of-date third-party dependency Apache Santuario.
Read full article on Heimdal Security Blog