CVE-2022-22954 vulnerability in VMware Products
Published on April 11, 2022

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

Known Exploited Vulnerability

This VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

The following remediation steps are recommended / required by May 5, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2022-22954 is exploitable with network access and requires neither privileges nor user interaction. The attack complexity is rated low, and the exploitability subscore is the highest possible (3.9). The impact is rated critical because a successful exploit has a high impact on the confidentiality, integrity and availability of the affected component.

What is a Code Injection Vulnerability?

The software constructs all or part of a code segment using externally influenced input from an upstream component, but it does not neutralize, or incorrectly neutralizes, special elements that could modify the syntax or behavior of the intended code segment.

CVE-2022-22954 has been classified as a Code Injection vulnerability (weakness).
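The weakness described above is easiest to see in a template engine: if request data is spliced into the template source before the engine parses it, the engine treats that data as code. The following is an added illustration, not VMware's code and not taken from the advisory; it uses a deliberately tiny template engine (`render`), the hypothetical handlers `greet_vulnerable` and `greet_fixed`, a defender-side check `looks_like_template_evaluation`, and a constructed probe input. It shows the vulnerable pattern beside its fix and how an operator can tell from the response which one a service is running.

```python
"""
Added example (not VMware code, not from the advisory): a deliberately tiny
template engine used to show the CWE-94 / server-side template injection
pattern and its fix. The engine, the function names and the sample input are
all constructed for illustration.
"""
import ast
import operator
import re

# Only a handful of expression node types are evaluated; anything else is rejected.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
}
_EXPR = re.compile(r"\{\{(.*?)\}\}")


def _eval_node(node, context):
    """Evaluate a restricted expression AST: names, numeric/string constants, + - *."""
    if isinstance(node, ast.Expression):
        return _eval_node(node.body, context)
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
        return node.value
    if isinstance(node, ast.Name):
        return context[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _eval_node(node.left, context)
        right = _eval_node(node.right, context)
        return _BIN_OPS[type(node.op)](left, right)
    raise ValueError(f"unsupported expression: {ast.dump(node)}")


def render(template: str, **context) -> str:
    """Render '{{ expr }}' placeholders in TEMPLATE. Everything between the
    braces is treated as code, which is exactly why letting untrusted input
    reach the template source is dangerous."""
    def replace(match):
        tree = ast.parse(match.group(1).strip(), mode="eval")
        return str(_eval_node(tree, context))
    # re.sub does not rescan replacement text, so values bound from context
    # are never re-parsed as template code.
    return _EXPR.sub(replace, template)


def greet_vulnerable(username: str) -> str:
    """VULNERABLE: user input is concatenated into the template source, so the
    engine parses it as template code (CWE-94)."""
    return render("Hello " + username + "!")


def greet_fixed(username: str) -> str:
    """FIXED: the template source is a constant; user input only ever enters as
    data bound to a variable, so it is emitted verbatim."""
    return render("Hello {{ name }}!", name=username)


def looks_like_template_evaluation(user_input: str, rendered: str) -> bool:
    """Defender-side check: if the input contained template syntax and the
    response no longer echoes it literally, the input was interpreted as code."""
    return bool(_EXPR.search(user_input)) and user_input not in rendered


# Constructed probe input: a harmless arithmetic expression in template syntax.
PROBE = "{{ 7 * 7 }}"

if __name__ == "__main__":
    for handler in (greet_vulnerable, greet_fixed):
        out = handler(PROBE)
        flagged = looks_like_template_evaluation(PROBE, out)
        print(f"{handler.__name__}: {out!r} evaluated={flagged}")
```

The fix is structural rather than a filter: `greet_fixed` never builds template source from request data, so no amount of input escaping is needed for the template layer. The restricted evaluator in `_eval_node` is a secondary control that limits what an expression can do even in the vulnerable path; real engines expose far more, which is why the advisory rates the impact as remote code execution.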

What versions are vulnerable to CVE-2022-22954?

Each of the following must match for the vulnerability to exist.