CVE-2022-22954

Published: 11/04/2022 Updated: 03/05/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

Vulnerable Products

vmware identity_manager 3.3.3

vmware vrealize_automation 7.6

vmware identity_manager 3.3.4

vmware identity_manager 3.3.5

vmware vrealize_automation

vmware identity_manager 3.3.6

vmware workspace_one_access 20.10.0.1

vmware workspace_one_access 20.10.0.0

vmware workspace_one_access 21.08.0.1

vmware workspace_one_access 21.08.0.0

vmware vrealize suite lifecycle manager

vmware cloud foundation

Mailing Lists

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user ...

Github Repositories

CVE-2022-22954 This package detects a subset of CVE-2022-22954 attempts and exploits, generates a notice, and also includes the exploit URI and the first 4KB of the data that was sent back to the attacker as a response While detecting this attack is more straightforward from log analysis, this package helps by logging the response sent back to the attacker to aid in incidence

CVE-2022-22954 Attention Please use this at your own risk This repo is meant only for educational purposes and we are strictly against all illegal intentions and we would not be responsible of any illegal activities associated with this repo Be ethical! Example python3 CVE-2022-22954py -u targetcom Shodan Query shodan search "h

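CVE-2022-22954-VMware-RCE CVE-2022-22954-VMware-RCE batch detection PoC. Disclaimer: this project is for learning and security testing only; the author bears no responsibility for any malicious operation or illegal damage. Result:

CVE-2022-22954-scanner Vulnerability introduction: VMware Workspace ONE Access (formerly known as VMware Identity Manager) is designed to give your employees faster access to SaaS, web and native mobile applications through multi-factor authentication, conditional access and single sign-on. Affected versions are as follows: VMware Workspace ONE Access Appliance (versions: 201000, 201001, 210800, 210801) VMware I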

CVE-2022-22954

Threat Hunting with Splunk A repository with Splunk SPL queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromises Vulnerabilities & Detection Analytics Vulnerability Advisory Detection SPL CVE-2022-22954 CVE-2022-22954 Advisory CVE-2022-22954 Detection SPL

Analysis of CVE-2022-22954. Overview: Workspace ONE Access (a workspace-as-a-service delivery model) provides multi-factor authentication, single sign-on and conditional access for SaaS, web and mobile applications CVE-2022-22954

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity Manager RCE via SSTI CVE-2022-22954 - PoC SSTI Usage: CVE-2022-22954py [-h] -m SET_MODE [-i IP] [-c CMD] optional arguments: -h, --help show this help message and exit -m SET_MODE, --mode SET_MODE Available modes: shodan | file | manual -i IP, --ip IP Host IP -c CMD,

CVE-2022-22954 Practicing technical writing with researching CVE-2022-22954 VMware Workspace ONE Access RCE vulnerability

CVE-2022-22954-POC

CVE-2022-22954-Testi Testing the CVE-2022-22954 vulnerability. VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access ... a server-side template that may result in remote code execution

VMware-CVE-2022-22954 VMware CVE-2022-22954 Workspace ONE Access Freemarker server-side template injection POC for Vmware CVE-2022-22954 Use this one line GET request!! This will execute cat /etc/passwd {host}/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3

VMware-CVE-2022-22954 POC for VMWARE CVE-2022-22954 Use this one line GET request!! This will execute cat /etc/passwd Shodan Query: httpfaviconhash:-1250474341

CVE-2022-22954_VMware_PoC PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection

VMware-CVE-2022-22954-Command-Injector Proof of Concept for exploiting VMware CVE-2022-22954 How it works This simple Python script makes a GET request to the specified URL appended with /catalog-portal/ui/oauth/verify?error=&deviceUdid= and then followed by a URL encoded version of this string: ${"freemarkertemplateutilityExecute"?new()("command"

CVE-2022-22954 CVE-2022-22954 VMware Workspace ONE Access free marker SSTI

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity Manager RCE via SSTI CVE-2022-22954 - PoC SSTI Usage:

VMware-CVE-2022-22954-POC Disclaimer: this PoC is for learning purposes only; all illegal operations are prohibited, and the author bears no responsibility for any malicious damage!!! 1. Batch detection script: Usage: python vm-2022-22954-POCpy urltxt 2. Single-URL detection: python vm-2022-22954-POCpy xxxxxxxx Script exec

VMWare_CVE-2022-22954 CVE-2022-22954 is a server-side template injection vulnerability in the VMware Workspace ONE Access and Identity Manager

Dorks Here are some cool unpublished Dorks (GHDB stopped posting since January 2022) Dork Details site:notionso + keyword Juicy Information site:notesio + keyword Juicy Information site:hackmdio + keyword Juicy Information inurl:orgId=1 Exposed Granafa Dashboards site:s3amazonawscom + keyword Exposed Files on Amazon S3 buckets site:blobcorewindowsnet +

CVE-2022-22954 CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI vulnerability: command execution and batch detection script

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity Manager RCE via SSTI PoC for CVE-2022-2295 Usage: usage: CVE-2022-22954-testpy [-h] -m SET_MODE [-i IP] [-c CMD] CVE-2022-22954 - PoC SSTI optional arguments: -h, --help show this help message and exit -m SET_MODE, --mode SET_MODE Available modes: shodan | file | manual -i IP, --ip IP Host IP -c CMD

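CVE-2021-31805-POC Vulnerability information: Apache Struts is a free, open-source MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON. Apache recently published the security bulletin for the S2-062 remote code execution vulnerability, tracked as CVE-2021-31805: for CVE-2020-17530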

One-Liner-Scripts A collection of awesome one-liner scripts for Bug Bounty Hunting, && Web Hacking Thanks to all who create this One Liners Subdomain Enumeration from BufferOverrun curl -s dnsbufferoverrun/dns?q=targetcom | jq -r FDNS_A[] | cut -d',' -f2 | sort -u | tee substxt from Riddlerio cur

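fscan Recent updates [+] 2022/6/30 PoCs added: CVE-2017-7504-Jboss-serialization-RCEyml CVE-2021-21972-vmcenter-RCEyml CVE-2021-22005-vmcenter-upload-toRCEyml CVE-2022-22954-VMware-RCEyml CVE-2022-22963-Spring-SpEL-RCEyml [+] 2022/4/20 the poc module can take a specified directory or file with -pocpath (PoC path), ports can be given in a file with -portf porttxt, the rdp module adds a multi-threaded brute-force demo, -br xx specifies

Disclaimer: illegal operations are prohibited; the author bears no responsibility for any illegal operation!!! Follow the chaosec official account!!! A collection of PoCs & exploits written over time for mainstream and less common vulnerabilities; take what you need. Updates: [+] add CNVD-2021-30167-NC-BeanShell-RCE [+] add CNVD-2021-49104_upload [+] add CVE-2021-22005poc [+] add CVE-2022-22947-POC [+] add CVE-2022-22954-VMware-RCE [+] add

CVE-2022-22954, CVE-2022-22955 critical VMware vulnerability; It explains that most Turkey-based hosting companies are affected by; CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 List of affected VMware products; VMware Workspace ONE Access (Access) VMware Identity Manager (vIDM) VMware vRealize

fscan-POC A PoC library that strengthens fscan's vulnerability scanning. Disclaimer: this PoC is for learning and security testing only; the author bears no responsibility for illegal or malicious operations!!! Follow the chaosec official account. If there is a vulnerability PoC you would like added, let me know via the official account or the project comments. 1. Usage: pull the fscan project locally, then find the path \fscan\WebScan\pocs\ and put this project's yml files

Penetration_Testing_POC A collection of PoCs, scripts, tools, articles and other techniques used in penetration testing, kept as notes; additions welcome. Penetration_Testing_POC Please use search [Ctrl+F] to find things. IOT Device&Mobile Phone Web APP Privilege-escalation helpers PC tools (collection of small utilities) Articles/books/tutorials Notes Please use search [Ctrl+F] to find things. IOT Device&Mobile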

Recent Articles

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
Threatpost • Sagar Tiwari • 28 Jun 2022

The Cybersecurity and Infrastructure Security Agency (CISA) and Coast Guard Cyber Command (CGCYBER) released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway (UAG) servers.
The VMware Horizon is a platform used by administrators to run and deliver virtual desktops and apps in the hybrid cloud, while UAG provides secure access to the resources residing inside a network.
According ...

Exploit released for critical VMware auth bypass bug, patch now
BleepingComputer • Sergiu Gatlan • 26 May 2022

Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges.
VMware [...] to address the CVE-2022-22972 flaw affecting Workspace ONE Access, VMware Identity Manager (vIDM), or vRealize Automation.
The company also shared temporary workarounds for admins who cannot patch vulnerable appliances immediately, [...] them to disable all users except one ...

Hackers exploit critical VMware RCE flaw to install backdoors
BleepingComputer • Bill Toulas • 26 Apr 2022

Advanced hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2022-22954, that affects VMware Workspace ONE Access (formerly called VMware Identity Manager).
The issue was addressed in a security update along with two more RCEs - CVE-2022-22957 and CVE-2022-22958 that also affect VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.

CISA orders agencies to fix actively exploited VMware, Chrome bugs
BleepingComputer • Sergiu Gatlan • 15 Apr 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.
The VMware vulnerability (CVE-2022-22960) was [...], and it allows attackers to escalate privileges to root on vulnerable servers due to improper permissions in support scripts.
A Chrome zero-day was also included in CISA's ...

Hackers exploit critical VMware CVE-2022-22954 bug, patch now
BleepingComputer • Bill Toulas • 13 Apr 2022

A proof-of-concept exploit has been released online for the VMware CVE-2022-22954 remote code execution vulnerability, already being used in active attacks that infect servers with coin miners.
The vulnerability is a critical (CVSS: 9.8) remote code execution (RCE) impacting VMware Workspace ONE Access and VMware Identity Manager, two widely used software products.
The software vendor released a security advisory for the vulnerability on April 6, 2022, warning about the possibility o...

Hackers exploiting VMware servers with public RCE exploit
BleepingComputer • Bill Toulas • 13 Apr 2022

A proof-of-concept exploit has been released online for the VMware CVE-2022-22954 remote code execution vulnerability, already being used in active attacks that infect servers with coin miners.
The vulnerability is a critical (CVSS: 9.8) remote code execution (RCE) impacting VMware Workspace ONE Access and VMware Identity Manager, two widely used software products.
The software vendor released a security advisory for the vulnerability on April 6, 2022, warning about the possibility o...

Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

We hope you've patched that 9.8/10 severity bug

A team of Iranian cyber-spies dubbed Rocket Kitten, for one, is likely behind attempts to exploit a critical remote-code execution vulnerability in VMware's identity management software, according to endpoint security firm Morphisec.
Earlier this month, VMware disclosed and fixed the security flaw, tracked as CVE-2022-22954, in its Workspace ONE Access and Identity Manager software. In terms of CVSS severity, the bug was rated 9.8 out of 10. We note the virtualization giant revised its adv...

Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies
The Register • Simon Sharwood, APAC Editor • 01 Jan 1970

Critical authentication bypass revealed, older flaws under active attack

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.
The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can’t be applied.
Of the two warnings, one highlights a critical authentication bypass vulnerability – CVE-2022-2...

EnemyBot malware adds enterprise flaws to exploit arsenal
The Register • Jeff Burt • 01 Jan 1970

Fast-evolving botnet targets critical VMware, F5 BIG-IP bugs, we're told

The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear.
What's worse, EnemyBot's core source code, minus its exploits, can be found on GitHub, so any miscreant can use the malware to start crafting their own outbreaks of this software nasty.
The group behind EnemyBot is Keksec, a collection of experienced developers, also known as Nero and Freakout, that have been around since 2016 and have launched a number of Linux...

DHS orders federal agencies to patch VMware bugs within 5 days
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch (FCEB) agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 22-03 on Wednesday after VMware [...] (CVE-2022-22972 and CVE-2022-22973) today, auth bypass and a local privilege escalation affecting multiple products.

VMware warns of critical vulnerabilities in multiple products
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks.
"This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious," VMware [...] on Wednesday.
"All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to...