The VMware Workspace One Access (formerly VMware Identity Manager) application running on the remote host is affected by a remote code execution vulnerability due to server-side template injection. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code on the remote host.

Binary data vmware_workspace_one_access_cve-2022-22954.nbin

VendorProductVersionCPE
vmwareworkspace_one_accesscpe:/a:vmware:workspace_one_access
vmwareidentity_managercpe:/a:vmware:identity_manager

Vendor	Product	Version	CPE
vmware	workspace_one_access		cpe:/a:vmware:workspace_one_access
vmware	identity_manager		cpe:/a:vmware:identity_manager

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954

github.com/sherlocksecurity/VMware-CVE-2022-22954

kb.vmware.com/s/article/88099

www.vmware.com/security/advisories/VMSA-2022-0011.html

hackerone 2

cve 1

githubexploit 22

srcincite 1

threatpost 2

packetstorm 1

osv 1

thn 9

zdt 1

cisa_kev 1

nuclei 1

checkpoint_advisories 1

prion 1

hivepro 4

metasploit 1

attackerkb 3

rapid7blog 7

ics 3

cisa 1

malwarebytes 2

vmware 1

nessus 1

qualysblog 1

hackerone

U.S. Dept Of Defense: ██████████ vulnerable to CVE-2022-22954

2022-04-11 15:17:31

U.S. Dept Of Defense: ███ vulnerable to CVE-2022-22954

2022-04-11 16:41:20

cve

CVE-2022-22954

2022-04-11 20:15:00

githubexploit

Exploit for Code Injection in Vmware Identity Manager

2020-10-09 10:14:50

Exploit for Code Injection in Vmware Identity Manager

2022-04-12 09:35:17

Exploit for Code Injection in Vmware Identity Manager

2022-06-03 09:17:12

srcincite

SRC-2022-0005 : VMware Workspace ONE Access customError.ftl Server-side Template Injection Remote Code Execution Vulnerability

2022-02-25 00:00:00

threatpost

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

2022-06-28 11:57:06

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

2022-05-18 13:54:23

packetstorm

VMware Workspace ONE Access Template Injection / Command Execution

2022-05-03 00:00:00

osv

CVE-2022-22954

2022-04-11 20:15:19

thn

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

2022-04-14 04:31:00

Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor

2022-04-26 06:18:00

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

2022-10-21 14:56:00

zdt

VMware Workspace ONE Access Template Injection / Command Execution Exploit

2022-05-04 00:00:00

cisa_kev

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

2022-04-14 00:00:00

nuclei

VMware Workspace ONE Access - Server-Side Template Injection

2022-04-11 16:47:00

checkpoint_advisories

VMware Workspace Remote Code Execution (CVE-2022-22954)

2022-04-27 00:00:00

prion

Remote code execution

2022-04-11 20:15:00

hivepro

Newly patched VMware vulnerability exploited by Iranian espionage group, Rocket Kitten

2022-04-26 12:44:24

Two actively exploited vulnerabilities affect multiple VMware products

2022-04-18 13:06:29

Vulnerabilities in VMware when chained together grants Full System Control

2022-05-19 14:34:51

metasploit

VMware Workspace ONE Access CVE-2022-22954

2022-05-02 23:51:46

attackerkb

CVE-2022-22960

2022-04-13 00:00:00

CVE-2022-22972

2022-05-26 00:00:00

CVE-2022-22954

2022-05-06 00:00:00

rapid7blog

Metasploit Wrap-Up

2022-05-06 17:56:15

CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE

2022-08-05 15:13:15

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

2022-04-29 13:25:42

ics

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-07-18 12:00:00

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

2022-06-02 12:00:00

2022 Top Routinely Exploited Vulnerabilities

2023-08-03 12:00:00

cisa

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

2022-05-18 00:00:00

malwarebytes

VMWare vulnerabilities are actively being exploited, CISA warns

2022-05-19 12:42:13

2022's most routinely exploited vulnerabilities—history repeats

2023-08-07 18:30:00

vmware

VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.

2022-04-06 00:00:00

nessus

VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0011)

2022-04-06 00:00:00

qualysblog

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

2023-08-24 19:07:05

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for VMWARE_WORKSPACE_ONE_ACCESS_CVE-2022-22954.NBIN