CVE-2022-22954
CRITICAL9.8Remote code execCISA KEVRansomwarePublic PoCHigh EPSS
Description
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Exploits & proofs of concept
- nucleiVMware Workspace ONE Access - Server-Side Template Injectionby sherlocksecurity