CVE-2022-22954

CVSS 9.8 CRITICAL | EPSS 100.0% | KEV | CWE-94

In short

VMware Workspace ONE Access and Identity Manager have a flaw that allows remote code execution through template injection. An attacker on the network can exploit this to run malicious code on the server.

Technical detail

Server-side template injection vulnerability in VMware Workspace ONE Access and Identity Manager allows unauthenticated remote code execution (CVSS 9.8). The vulnerability stems from improper input validation in template processing, enabling attackers with network access to inject malicious template directives that execute arbitrary code with server privileges.

Summary generated and translated by AI from the official description.
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H