CVE-2022-22954

NVD Published Date: April 11, 2022 at 08:15 PM
NVD Last Modified: September 09, 2022 at 04:47 PM
Download Patch
Vulnerability ID
CVE-2022-22954
Severity
CRITICAL
Severity Score
9.8
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Mitigation and Patches
-
Exploits

https://github.com/Schira4396/VcenterKiller

https://github.com/sherlocksecurity/VMware-CVE-2022-22954

https://github.com/bewhale/CVE-2022-22954

https://github.com/jax7sec/CVE-2022-22954

https://github.com/Vulnmachines/VMWare_CVE-2022-22954

https://github.com/tunelko/CVE-2022-22954-PoC

https://github.com/orwagodfather/CVE-2022-22954

https://github.com/MLX15/CVE-2022-22954

https://github.com/lolminerxmrig/CVE-2022-22954_

https://github.com/DrorDvash/CVE-2022-22954_VMware_PoC

https://github.com/aniqfakhrul/CVE-2022-22954

https://github.com/b4dboy17/CVE-2022-22954

https://github.com/axingde/CVE-2022-22954-POC

https://github.com/sherlocksecurity/VMware-CVE-2022-22954

https://github.com/chaosec2021/CVE-2022-22954-VMware-RCE

https://github.com/jax7sec/CVE-2022-22954

https://github.com/bewhale/CVE-2022-22954

https://github.com/Vulnmachines/VMWare_CVE-2022-22954

https://github.com/tunelko/CVE-2022-22954-PoC

https://github.com/aniqfakhrul/CVE-2022-22954

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb

https://github.com/MLX15/CVE-2022-22954

https://github.com/DrorDvash/CVE-2022-22954_VMware_PoC

https://github.com/Chocapikk/CVE-2022-22954

https://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html

https://twitter.com/UK_Daniel_Card/status/1514267029158703114?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1514267029158703114%7Ctwgr%5E%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fwww.helpnetsecurity.com%2F2022%2F04%2F14%2Fcve-2022-22954%2F

https://github.com/badboy-sft/CVE-2022-22954

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://github.com/axingde/CVE-2022-22954-POC

http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html

https://github.com/Schira4396/VcenterKiller

https://github.com/lolminerxmrig/CVE-2022-22954_

https://github.com/orwagodfather/CVE-2022-22954

https://github.com/corelight/cve-2022-22954

https://github.com/b4dboy17/CVE-2022-22954

Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-94

Recent Publish

CVE-2022-24816

CVE-2022-29464

CVE-2024-6586

CVE-2024-6585

CVE-2024-45304

CVE-2024-8006

See SecOps Solution
in action

Schedule Demo