Add rule CVE-2022-31656

rules/web/web_cve_2021_43798_grafana.yml

@@ -1,7 +1,7 @@
 title: Grafana Path Traversal Exploitation CVE-2021-43798
 id: 7b72b328-5708-414f-9a2a-6a6867c26e16
 status: experimental
-description: Detects a successful Grafana path traversal exploitation 
+description: Detects a successful Grafana path traversal exploitation
 author: Florian Roth
 references:
   - https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/

rules/web/web_cve_2022_31656_auth_bypass.yml

@@ -0,0 +1,22 @@
+title: CVE-2022-31656 VMware Workspace ONE Access Auth Bypass
+id: fcf1101d-07c9-49b2-ad81-7e421ff96d80
+status: experimental
+description: |
+    Detects the exploitation of VMware Workspace ONE Access Authentication Bypass vulnerability as described in CVE-2022-31656
+    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
+author: Nasreddine Bencherchali
+date: 2022/08/12
+references:
+    - https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd
+logsource:
+    category: webserver
+detection:
+    selection:
+        c-uri|contains: '/SAAS/t/_/;/'
+    condition: selection
+falsepositives:
+    - Vulnerability scanners
+level: high
+tags:
+    - attack.initial_access
+    - attack.t1190