Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to organizations about malicious actors using CVE-2022-22954 and CVE-2022-22960. This alert was published following the disclosure of two related vulnerabilities (CVE-2022-22972 and CVE-2022-22973), putting it vulnerable to future exploitation. All these flaws might be exploited separately or in combination to obtain total control.

malwarebytes 2

rapid7blog 8

cisa 1

ics 3

attackerkb 3

thn 9

nessus 4

vmware 2

hivepro 3

threatpost 2

githubexploit 24

cve 4

prion 4

osv 3

checkpoint_advisories 2

nuclei 2

hackerone 2

srcincite 2

packetstorm 3

metasploit 3

cisa_kev 2

zdt 3

trellix 2

qualysblog 1

malwarebytes

VMWare vulnerabilities are actively being exploited, CISA warns

2022-05-19 12:42:13

2022's most routinely exploited vulnerabilities—history repeats

2023-08-07 18:30:00

rapid7blog

CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation

2022-05-19 13:54:07

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

2022-04-29 13:25:42

Metasploit Wrap-Up

2022-05-06 17:56:15

cisa

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

2022-05-18 00:00:00

ics

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

2022-06-02 12:00:00

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-07-18 12:00:00

2022 Top Routinely Exploited Vulnerabilities

2023-08-03 12:00:00

attackerkb

CVE-2022-22972

2022-05-26 00:00:00

CVE-2022-22960

2022-04-13 00:00:00

CVE-2022-22954

2022-05-06 00:00:00

thn

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products

2022-05-19 05:48:00

Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor

2022-04-26 06:18:00

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

2022-04-14 04:31:00

nessus

VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0014)

2022-07-27 00:00:00

VMware Workspace One Access / VMware Identity Manager Authentication Bypass (Direct Check) (CVE-2022-22972)

2022-05-18 00:00:00

VMware Workspace One Access / VMware Identity Manager Server-side Template Injection RCE (CVE-2022-22954)

2022-04-25 00:00:00

vmware

VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.

2022-05-18 00:00:00

VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.

2022-04-06 00:00:00

hivepro

Two actively exploited vulnerabilities affect multiple VMware products

2022-04-18 13:06:29

Newly patched VMware vulnerability exploited by Iranian espionage group, Rocket Kitten

2022-04-26 12:44:24

Weekly Threat Digest: 11 – 17 April 2022

2022-04-21 04:59:07

threatpost

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

2022-05-18 13:54:23

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

2022-06-28 11:57:06

githubexploit

Exploit for Vulnerability in Vmware Identity Manager

2022-05-28 20:56:09

Exploit for Vulnerability in Vmware Identity Manager

2022-05-24 20:19:55

Exploit for Code Injection in Vmware Identity Manager

2022-10-20 01:25:12

cve

CVE-2022-22972

2022-05-20 21:15:00

CVE-2022-22973

2022-05-20 21:15:00

CVE-2022-22954

2022-04-11 20:15:00

prion

Privilege escalation

2022-05-20 21:15:00

Authentication flaw

2022-05-20 21:15:00

Remote code execution

2022-04-11 20:15:00

osv

CVE-2022-22973

2022-05-20 21:15:09

CVE-2022-22972

2022-05-20 21:15:09

CVE-2022-22954

2022-04-11 20:15:19

checkpoint_advisories

VMware Authentication Bypass (CVE-2022-22972)

2022-05-29 00:00:00

VMware Workspace Remote Code Execution (CVE-2022-22954)

2022-04-27 00:00:00

nuclei

VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass

2022-05-30 23:02:11

VMware Workspace ONE Access - Server-Side Template Injection

2022-04-11 16:47:00

hackerone

U.S. Dept Of Defense: ██████████ vulnerable to CVE-2022-22954

2022-04-11 15:17:31

U.S. Dept Of Defense: ███ vulnerable to CVE-2022-22954

2022-04-11 16:41:20

srcincite

SRC-2022-0005 : VMware Workspace ONE Access customError.ftl Server-side Template Injection Remote Code Execution Vulnerability

2022-02-25 00:00:00

SRC-2022-0011 : VMware Workspace ONE Access gatherConfig.hzn Privilege Escalation Vulnerability

2022-02-25 00:00:00

packetstorm

VMware Workspace ONE Access Template Injection / Command Execution

2022-05-03 00:00:00

VMware Workspace ONE Access Privilege Escalation

2023-04-19 00:00:00

Mware Workspace ONE Remote Code Execution

2023-04-18 00:00:00

metasploit

VMware Workspace ONE Access CVE-2022-22954

2022-05-02 23:51:46

VMware Workspace ONE Access CVE-2022-22960

2023-04-12 19:36:17

VMware Workspace ONE Access VMSA-2022-0011 exploit chain

2023-04-06 03:10:34

cisa_kev

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

2022-04-14 00:00:00

VMware Multiple Products Privilege Escalation Vulnerability

2022-04-15 00:00:00

zdt

VMware Workspace ONE Access Template Injection / Command Execution Exploit

2022-05-04 00:00:00

VMware Workspace ONE Access Privilege Escalation Exploit

2023-04-19 00:00:00

VMware Workspace ONE Remote Code Execution Exploit

2023-04-18 00:00:00

trellix

The Bug Report – May 2022 Edition

2022-06-01 00:00:00

The Bug Report – May 2022 Edition

2022-06-01 00:00:00

qualysblog

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

2023-08-24 19:07:05

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for HIVEPRO:4FB5DD5F7C41E3797518D866E88BFA8C