Actively exploited vulnerability

CVE-2022-22954: VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

CISA KEV source 14 Apr 2022 added 5 May 2022 remediation due

Affected product

VMware · Workspace ONE Access and Identity Manager

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2022-22954.

Bleeping Computer14 Apr 2022

Hackers exploit critical VMware CVE-2022-22954 bug, patch now

Security researchers have published various proof of concepts (PoCs) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems. [...]

Bleeping Computer14 Apr 2022

Hackers exploiting VMware servers with public RCE exploit

Security researchers have published various proof of concepts (PoCs) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems. [...]