WEB APPLICATION VULNERABILITIES Standard & Premium

VMware Workspace ONE Access SSTI (CVE-2022-22954)

Description

VMware Workspace ONE Access is vulnerable to server side template injection, which could be used for remote code execution.

Remediation

Upgrade to the latest version of VMware Workspace ONE Access

References

VMSA-2022-0011: Questions and Answers

Related Vulnerabilities

Telerik Web UI Unrestricted File Upload (CVE-2014-2217)

WordPress Plugin WP Super Cache Remote Code Execution (1.7.1)

WordPress Plugin PropertyHive Remote Code Execution (1.4.25)

WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)

VMware vCenter Log4Shell RCE

Severity

High

Classification

CVE-2022-22954 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Server Side Template Injection Code Execution