Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_WORKSPACE_ONE_ACCESS_VMSA-2022-0011.NASLHistoryApr 06, 2022 - 12:00 a.m.
VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0011)
2022-04-0600:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
215
The VMware Workspace One Access (formerly VMware Identity Manager) application running on the remote host is affected by the following vulnerabilities:
- Server-side Template Injection Remote Code Execution Vulnerability (CVE-2022-22954)
- OAuth2 ACS Authentication Bypass Vulnerabilities (CVE-2022-22955, CVE-2022-22956)
- JDBC Injection Remote Code Execution Vulnerabilities (CVE-2022-22957, CVE-2022-22958)
- Cross Site Request Forgery Vulnerability (CVE-2022-22959)
- Local Privilege Escalation Vulnerability (CVE-2022-22960)
- Information Disclosure Vulnerability (CVE-2022-22961)
Note that Nessus has not tested for this issue but has instead relied only on the applicationβs self-reported version.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(159548);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/26");
script_cve_id(
"CVE-2022-22954",
"CVE-2022-22955",
"CVE-2022-22956",
"CVE-2022-22957",
"CVE-2022-22958",
"CVE-2022-22959",
"CVE-2022-22960",
"CVE-2022-22961"
);
script_xref(name:"VMSA", value:"2022-0011");
script_xref(name:"IAVA", value:"2022-A-0136-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/05");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/06");
script_xref(name:"CEA-ID", value:"CEA-2022-0012");
script_name(english:"VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0011)");
script_set_attribute(attribute:"synopsis", value:
"An identity store broker application running on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The VMware Workspace One Access (formerly VMware Identity Manager) application running on the remote host is affected
by the following vulnerabilities:
- Server-side Template Injection Remote Code Execution Vulnerability (CVE-2022-22954)
- OAuth2 ACS Authentication Bypass Vulnerabilities (CVE-2022-22955, CVE-2022-22956)
- JDBC Injection Remote Code Execution Vulnerabilities (CVE-2022-22957, CVE-2022-22958)
- Cross Site Request Forgery Vulnerability (CVE-2022-22959)
- Local Privilege Escalation Vulnerability (CVE-2022-22960)
- Information Disclosure Vulnerability (CVE-2022-22961)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version.");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2022-0011.html");
script_set_attribute(attribute:"see_also", value:"https://kb.vmware.com/s/article/88099");
script_set_attribute(attribute:"solution", value:
"Apply the HW-154129 hotfix to VMware Workspace One Access / VMware Identity Manager as per the VMSA-2022-0011 advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-22954");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-22956");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'VMware Workspace ONE Access CVE-2022-22954');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/06");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/06");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workspace_one_access");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:identity_manager");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("vmware_workspace_one_access_web_detect.nbin");
script_require_keys("installed_sw/VMware Workspace ONE Access");
exit(0);
}
include('http.inc');
include('vcf.inc');
include('vcf_extras.inc');
var app = 'VMware Workspace ONE Access';
get_install_count(app_name:app, exit_if_zero:TRUE);
var port = get_http_port(default:80);
var app_info = vcf::vmware_workspace_one_access::get_app_info(port:port);
# 3.3.[3456] don't have fixed builds, so audit out unless we are doing a paranoid scan
if (app_info.version =~ "3\.3\.[3456]\." && report_paranoia < 2)
audit(AUDIT_PARANOID);
var constraints = [
{ 'min_version':'3.3.3.0.0', 'fixed_version':'3.3.4.0.0', 'fixed_display':'3.3.3 with HW-154129' },
{ 'min_version':'3.3.4.0.0', 'fixed_version':'3.3.5.0.0', 'fixed_display':'3.3.4 with HW-154129' },
{ 'min_version':'3.3.5.0.0', 'fixed_version':'3.3.6.0.0', 'fixed_display':'3.3.5 with HW-154129' },
{ 'min_version':'3.3.6.0.0', 'fixed_version':'3.3.7.0.0', 'fixed_display':'3.3.6 with HW-154129' },
{ 'min_version':'20.10.0.0', 'fixed_version':'20.10.0.0.19540061', 'fixed_display':'20.10.0.0 Build 19540061 (HW-154129)' },
{ 'min_version':'20.10.0.1', 'fixed_version':'20.10.0.1.19540061', 'fixed_display':'20.10.0.1 Build 19540061 (HW-154129)' },
{ 'min_version':'21.08.0.0', 'fixed_version':'21.08.0.0.19539711', 'fixed_display':'21.08.0.0 Build 19539711 (HW-154129)' },
{ 'min_version':'21.08.0.1', 'fixed_version':'21.08.0.1.19539711', 'fixed_display':'21.08.0.1 Build 19539711 (HW-154129)' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vmware | workspace_one_access | cpe:/a:vmware:workspace_one_access | |
| vmware | identity_manager | cpe:/a:vmware:identity_manager |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22961
kb.vmware.com/s/article/88099
www.vmware.com/security/advisories/VMSA-2022-0011.html
Related
thn
thn
vmware
vmware
packetstorm
packetstorm
Mware Workspace ONE Remote Code Execution
2023-04-18 00:00:00
VMware Workspace ONE Access Template Injection / Command Execution
2022-05-03 00:00:00
VMware Workspace ONE Access Privilege Escalation
2023-04-19 00:00:00
metasploit
metasploit
VMware Workspace ONE Access VMSA-2022-0011 exploit chain
2023-04-06 03:10:34
VMware Workspace ONE Access CVE-2022-22954
2022-05-02 23:51:46
VMware Workspace ONE Access CVE-2022-22960
2023-04-12 19:36:17
hivepro
hivepro
Weekly Threat Digest: 11 β 17 April 2022
2022-04-21 04:59:07
Two actively exploited vulnerabilities affect multiple VMware products
2022-04-18 13:06:29
Vulnerabilities in VMware when chained together grants Full System Control
2022-05-19 14:34:51
zdt
zdt
VMware Workspace ONE Remote Code Execution Exploit
2023-04-18 00:00:00
VMware Workspace ONE Access Template Injection / Command Execution Exploit
2022-05-04 00:00:00
VMware Workspace ONE Access Privilege Escalation Exploit
2023-04-19 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-04-21 18:02:40
Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954
2022-04-29 13:25:42
cve
cve
prion
prion
Authentication flaw
2022-04-13 18:15:00
Deserialization of untrusted data
2022-04-13 18:15:00
Authentication flaw
2022-04-13 18:15:00
attackerkb
attackerkb
threatpost
threatpost
April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell
2022-05-18 13:54:23
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
2022-06-28 11:57:06
ics
ics
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
srcincite
srcincite
cisa
cisa
malwarebytes
malwarebytes
VMWare vulnerabilities are actively being exploited, CISA warns
2022-05-19 12:42:13
2022's most routinely exploited vulnerabilitiesβhistory repeats
2023-08-07 18:30:00
hackerone
hackerone
U.S. Dept Of Defense: ββββββββββ vulnerable to CVE-2022-22954
2022-04-11 15:17:31
U.S. Dept Of Defense: βββ vulnerable to CVE-2022-22954
2022-04-11 16:41:20
githubexploit
githubexploit
Exploit for Code Injection in Vmware Identity Manager
2020-10-09 10:14:50
Exploit for Code Injection in Vmware Identity Manager
2022-04-12 09:35:17
Exploit for Code Injection in Vmware Identity Manager
2022-04-15 19:26:56
checkpoint_advisories
checkpoint_advisories
VMware Workspace Remote Code Execution (CVE-2022-22954)
2022-04-27 00:00:00
nessus
nessus
cisa_kev
cisa_kev
VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
2022-04-14 00:00:00
VMware Multiple Products Privilege Escalation Vulnerability
2022-04-15 00:00:00
nuclei
nuclei
VMware Workspace ONE Access - Server-Side Template Injection
2022-04-11 16:47:00
osv
osv
CVE-2022-22954
2022-04-11 20:15:19
qualysblog
qualysblog
Qualys Tackles 2022βs Top Routinely Exploited Cyber Vulnerabilities
2023-08-24 19:07:05
Related for VMWARE_WORKSPACE_ONE_ACCESS_VMSA-2022-0011.NASL