Description

VMware Workspace ONE Access is vulnerable to server side template injection, which could be used for remote code execution.

Remediation

Upgrade to the latest version of VMware Workspace ONE Access

References

VMSA-2022-0011: Questions and Answers

Related Vulnerabilities

Rails remote code execution using render :inline

WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3)

WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)

Liferay TunnelServlet Deserialization Remote Code Execution

WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)

Severity

High

Classification

CVE-2022-22954 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Server Side Template Injection Code Execution