CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 10, 2022
- Published Date
- April 11, 2022
- Last Updated
- February 04, 2025
- Vendor
- n/a
- Product
- VMware Workspace ONE Access and Identity Manager
- Description
- VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-04-14 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb | 2025-04-29 11:01:16 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22954.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
vmware_workspace_one_access_cve_2022_22954
Type: metasploit • Created: Unknown
amit-pathak009/CVE-2022-22954
Type: github • Created: 2022-08-13 18:00:04 UTC • Stars: 0
b4dboy17/CVE-2022-22954
Type: github • Created: 2022-06-03 09:17:12 UTC • Stars: 4
orwagodfather/CVE-2022-22954
Type: github • Created: 2022-06-03 08:51:44 UTC • Stars: 7
secfb/CVE-2022-22954
Type: github • Created: 2022-06-01 21:05:56 UTC • Stars: 0
Chocapikk/CVE-2022-22954
Type: github • Created: 2022-06-01 19:33:32 UTC • Stars: 2
MLX15/CVE-2022-22954
Type: github • Created: 2022-04-15 19:26:56 UTC • Stars: 4
bewhale/CVE-2022-22954
Type: github • Created: 2022-04-13 16:18:56 UTC • Stars: 71
tunelko/CVE-2022-22954-PoC
Type: github • Created: 2022-04-13 08:52:15 UTC • Stars: 11
DrorDvash/CVE-2022-22954_VMware_PoC
Type: github • Created: 2022-04-12 21:15:27 UTC • Stars: 10
mumu2020629/-CVE-2022-22954-scanner
Type: github • Created: 2022-04-12 08:36:33 UTC • Stars: 1
lucksec/VMware-CVE-2022-22954
Type: github • Created: 2022-04-12 06:35:10 UTC • Stars: 0
bb33bb/CVE-2022-22954-VMware-RCE
Type: github • Created: 2022-04-12 06:09:55 UTC • Stars: 1
jax7sec/CVE-2022-22954
Type: github • Created: 2022-04-12 04:14:36 UTC • Stars: 11
aniqfakhrul/CVE-2022-22954
Type: github • Created: 2022-04-11 23:21:50 UTC • Stars: 5
Vulnmachines/VMWare_CVE-2022-22954
Type: github • Created: 2022-04-11 19:46:56 UTC • Stars: 11
sherlocksecurity/VMware-CVE-2022-22954
Type: github • Created: 2022-04-11 13:59:23 UTC • Stars: 281
axingde/CVE-2022-22954-POC
Type: github • Created: 2020-10-09 10:14:50 UTC • Stars: 3