Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2022-22954
PUBLISHED
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious...
- Vendor: VMware
- Product: VMware Workspace ONE Access and Identity Manager
- Published: Apr 11, 2022
- EPSS: —
Description
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:C/I:C/A:C
SSVC decision points
- Exploitation: active
- Automatable: Yes
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 14, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22954.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
metasploit · Created Unknown
Metasploit module for CVE-2022-22954
github · Created 2022-06-03 09:17:12 UTC · 4 stars
VMware Workspace ONE Access and Identity Manager RCE via SSTI. CVE-2022-22954 - PoC SSTI * exploit+payload+shodan (well, as a bundle)
github · Created 2022-06-03 08:51:44 UTC · 7 stars
github · Created 2022-06-01 21:05:56 UTC · 0 stars
Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960
github · Created 2022-06-01 19:33:32 UTC · 2 stars
Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960
github · Created 2022-04-15 19:26:56 UTC · 4 stars
CVE-2022-22954 VMware Workspace ONE Access free marker SSTI
github · Created 2022-04-13 16:18:56 UTC · 71 stars
CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI vulnerability: command execution, batch detection script, file write
github · Created 2022-04-13 08:52:15 UTC · 11 stars
VMware Workspace ONE Access and Identity Manager RCE via SSTI - Test script for shodan, file or manual.
github · Created 2022-04-12 21:15:27 UTC · 10 stars
PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection
github · Created 2022-04-12 08:36:33 UTC · 1 star
github · Created 2022-04-12 06:35:10 UTC · 0 stars
github · Created 2022-04-12 06:09:55 UTC · 1 star
CVE-2022-22954-VMware-RCE batch detection PoC
github · Created 2022-04-12 04:14:36 UTC · 11 stars
Provides batch URL scanning and command execution. Workspace ONE Access template injection vulnerability that allows arbitrary code execution
github · Created 2022-04-11 23:21:50 UTC · 5 stars
github · Created 2022-04-11 19:46:56 UTC · 11 stars
CVE-2022-22954 is a server-side template injection vulnerability in the VMware Workspace ONE Access and Identity Manager
github · Created 2022-04-11 13:59:23 UTC · 281 stars
POC for VMWARE CVE-2022-22954
github · Created 2020-10-09 10:14:50 UTC · 3 stars
Provides single or batch URL scanning for the presence of CVE-2022-22954
Timeline
- CVE ID Reserved
- CVE Published to Public
- Exploit Used in Malware
- Added to KEVIntel
- Detected by Nuclei
- Detected by Metasploit