VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

Recent assessments:

rbowes-r7 at May 02, 2022 10:32pm UTC reported:

With publicly available information, this was super trivial to exploit! In the Rapid7 analysis, I chained it together with what I thought was CVE-2022-22960 (I’m not sure it was anymore) to go from unauthenticated HTTPS access to root very easily.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

References

packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954

www.vmware.com/security/advisories/VMSA-2022-0011.html

threatpost 28

ics 2

rapid7blog 10

attackerkb 1

hivepro 4

thn 6

malwarebytes 2

cisa 2

hackerone 4

cve 3

githubexploit 53

srcincite 2

nessus 8

packetstorm 5

osv 2

zdt 2

cisa_kev 3

nuclei 1

checkpoint_advisories 1

prion 2

metasploit 2

ibm 35

impervablog 2

amd 1

kaspersky 2

mssecure 1

msrc 2

qualysblog 1

wallarmlab 1

trellix 1

talosblog 1

veracode 1

fedora 1

redhat 3

trendmicroblog 1

akamaiblog 1

openvas 2

threatpost

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

2022-05-18 13:54:23

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

2022-06-28 11:57:06

Cyberattackers Target UPS Back-Up Power Devices in Mission-Critical Environments

2022-03-30 17:14:57

ics

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-07-18 12:00:00

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

2022-06-02 12:00:00

rapid7blog

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

2022-04-29 13:25:42

CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation

2022-05-19 13:54:07

Metasploit Weekly Wrap-Up

2022-08-05 18:50:07

attackerkb

CVE-2022-22960

2022-04-13 00:00:00

hivepro

Two actively exploited vulnerabilities affect multiple VMware products

2022-04-18 13:06:29

Vulnerabilities in VMware when chained together grants Full System Control

2022-05-19 14:34:51

Newly patched VMware vulnerability exploited by Iranian espionage group, Rocket Kitten

2022-04-26 12:44:24

thn

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

2022-06-24 03:36:00

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

2022-04-14 04:31:00

Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor

2022-04-26 06:18:00

malwarebytes

VMWare vulnerabilities are actively being exploited, CISA warns

2022-05-19 12:42:13

What SMBs can do to protect against Log4Shell attacks

2021-12-15 20:59:31

cisa

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

2022-05-18 00:00:00

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-06-23 00:00:00

hackerone

U.S. Dept Of Defense: ██████████ vulnerable to CVE-2022-22954

2022-04-11 15:17:31

U.S. Dept Of Defense: ███ vulnerable to CVE-2022-22954

2022-04-11 16:41:20

U.S. Dept Of Defense: ██████████ running a vulnerable log4j

2021-12-11 00:16:38

cve

CVE-2022-22954

2022-04-11 20:15:00

CVE-2022-22960

2022-04-13 18:15:00

CVE-2021-44228

2021-12-10 10:15:00

githubexploit

Exploit for Code Injection in Vmware Identity Manager

2020-10-09 10:14:50

Exploit for Code Injection in Vmware Identity Manager

2022-04-12 09:35:17

Exploit for Code Injection in Vmware Identity Manager

2022-10-20 01:25:12

srcincite

SRC-2022-0005 : VMware Workspace ONE Access customError.ftl Server-side Template Injection Remote Code Execution Vulnerability

2022-02-25 00:00:00

SRC-2022-0011 : VMware Workspace ONE Access gatherConfig.hzn Privilege Escalation Vulnerability

2022-02-25 00:00:00

nessus

VMware Workspace One Access / VMware Identity Manager Server-side Template Injection RCE (CVE-2022-22954)

2022-04-25 00:00:00

Ubuntu 16.04 ESM : Apache Log4j 2 vulnerability (USN-5192-2)

2021-12-17 00:00:00

FreeBSD : graylog -- include log4j patches (3fadd7e4-f8fb-45a0-a218-8fd6423c338f)

2021-12-13 00:00:00

packetstorm

VMware Workspace ONE Access Template Injection / Command Execution

2022-05-03 00:00:00

VMware Workspace ONE Access Privilege Escalation

2023-04-19 00:00:00

Log4Shell HTTP Header Injection

2022-01-12 00:00:00

osv

CVE-2022-22954

2022-04-11 20:15:19

Critical vulnerability in log4j may affect generated PEAR projects

2021-12-16 21:01:51

zdt

VMware Workspace ONE Access Template Injection / Command Execution Exploit

2022-05-04 00:00:00

VMware Workspace ONE Access Privilege Escalation Exploit

2023-04-19 00:00:00

cisa_kev

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

2022-04-14 00:00:00

VMware Multiple Products Privilege Escalation Vulnerability

2022-04-15 00:00:00

Apache Log4j2 Remote Code Execution Vulnerability

2021-12-10 00:00:00

nuclei

VMware Workspace ONE Access - Server-Side Template Injection

2022-04-11 16:47:00

checkpoint_advisories

VMware Workspace Remote Code Execution (CVE-2022-22954)

2022-04-27 00:00:00

prion

Remote code execution

2022-04-11 20:15:00

Privilege escalation

2022-04-13 18:15:00

metasploit

VMware Workspace ONE Access CVE-2022-22954

2022-05-02 23:51:46

VMware Workspace ONE Access CVE-2022-22960

2023-04-12 19:36:17

ibm

Security Bulletin: IBM Cloud Pak for Applications is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

2021-12-22 06:59:57

Security Bulletin: IBM Security Verify Privilege Products NOT Affected by CVE-2021-44228 Exploit

2021-12-13 13:37:26

Security Bulletin: Vulnerablity in Apache Log4j affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2021-44228)

2022-03-15 01:17:21

impervablog

Analytics Are Essential for Effective Database Security

2022-01-13 15:23:02

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions

2021-12-14 22:55:49

amd

AMD Response to Log4j (Log4Shell) Vulnerability

2021-12-15 00:00:00

kaspersky

KLA12395 RCE vulnerability in Microsoft SQL Server

2021-12-16 00:00:00

KLA12392 RCE vulnerability in Microsoft Azure

2021-12-16 00:00:00

mssecure

MERCURY and DEV-1084: Destructive attack on hybrid environment

2023-04-07 16:00:00

msrc

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

2021-12-12 05:28:18

CVE-2021-44228 Apache Log4j 2 に対するマイクロソフトの対応

2021-12-12 08:00:00

qualysblog

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

2021-12-28 18:00:00

wallarmlab

Update on Log4Shell (CVE-2021-44228)

2021-12-10 20:22:36

trellix

Log4J and The Memory That Knew Too Much

2022-01-19 00:00:00

talosblog

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

2024-02-21 13:54:48

veracode

Remote Code Execution (RCE)

2021-12-10 15:09:45

fedora

[SECURITY] Fedora 34 Update: log4j-2.16.0-1.fc34

2021-12-22 01:14:26

redhat

(RHSA-2021:5130) Critical: Red Hat Integration Camel-K 1.6.2 release and security update

2021-12-14 17:51:25

(RHSA-2021:5126) Critical: Red Hat Integration Camel Extensions for Quarkus GA security update

2021-12-14 16:15:45

(RHSA-2021:5093) Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update

2021-12-14 15:57:34

trendmicroblog

Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited

2021-12-13 00:00:00

akamaiblog

Threat Intelligence on Log4j CVE: Key Findings and Their Implications

2021-12-17 19:30:00

openvas

openSUSE: Security Advisory for logback (openSUSE-SU-2021:1613-1)

2022-02-01 00:00:00

Debian: Security Advisory (DLA-2842-1)

2021-12-13 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Related for AKB:3191CCF9-DA8E-43DF-8152-1E3A5D1A3C45