Description

VMware Workspace ONE Access is vulnerable to server side template injection, which could be used for remote code execution.

Remediation

Upgrade to the latest version of VMware Workspace ONE Access

References

VMSA-2022-0011: Questions and Answers

Related Vulnerabilities

Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)

Drupal Core 7.x Remote Code Execution (7.0 - 7.58)

Server-side JavaScript injection

Zikula Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2293)

Severity

High

Classification

CVE-2022-22954 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Server Side Template Injection Code Execution