WEB APPLICATION VULNERABILITIES Standard & Premium

VMware Workspace ONE Access SSTI (CVE-2022-22954)

Description

VMware Workspace ONE Access is vulnerable to server side template injection, which could be used for remote code execution.

Remediation

Upgrade to the latest version of VMware Workspace ONE Access

References

VMSA-2022-0011: Questions and Answers

Related Vulnerabilities

Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)

Unauthenticated remote code execution vulnerability in Confluence Server and Data Center

WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1)

Apache Log4j2 JNDI Remote Code Execution (delayed)

Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability

Severity

High

Classification

CVE-2022-22954 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Server Side Template Injection Code Execution