ID: CVE-2022-22954

Last Modified: May 3, 2022

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

Twitter Activity

Tweets last week: 12

Remaining steady

Yahoo Activity

Yahoo results: 11500

Remaining steady

EPSS History

Current EPSS Score: 0.93243

Remaining steady


Reddit Activity

Reddit Posts: 15

Remaining steady

Github Repos

Github Repos: 28

Remaining steady

Exploits

Found exploits:

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: High

Availability: High

Base Score: 9.8

Exploitability Score: 3.9

Impact Score: 5.9

CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Specialize CVSS-Score

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

Base Score: 10.0

Exploitability Score: 10.0

Impact Score: 10.0

CVSS V2: AV:N/AC:L/Au:N/C:C/I:C/A:C

Specialize CVSS-Score

CWE-94

Condition Configuration
AND
OR
OR
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
OR
OR
Alle Schwachstellen für linux
Condition Configuration
OR
OR
Alle Schwachstellen für vmware
Alle Schwachstellen für vmware
                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <set operator="and">
            <set operator="or">
                <prop key="application" value="cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*"/>
                <prop key="application" value="cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*"/>
            </set>
            <set operator="or">
                <prop key="application" value="cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"/>
            </set>
        </set>
        <set operator="or">
            <prop key="application" value="cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*"/>
        </set>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>