{ "Name": "VMware Workspace ONE Access & Identity Manager Remote Code Execution (CVE-2022-22954)", "Description": "

VMware Workspace ONE is an intelligence-driven digital workspace platform that lets you deliver and manage applications anywhere, anytime, on any device, in a simple and secure way.

VMware Workspace ONE Access and Identity Manager contain a remote command execution vulnerability caused by server-side template injection, which unauthenticated attackers can exploit to execute arbitrary code remotely.

", "Product": "VMware Workspace ONE Access", "Homepage": "https://docs.vmware.com/cn/VMware-Workspace-ONE-Access/index.html", "DisclosureDate": "2022-04-06", "Author": "su18@javaweb.org", "FofaQuery": "(title=\"VMware Identity Manager\" || (body=\"/cfg/help/getHelpLink\" && body=\"

VMware Identity Manager Portal\"))||(banner=\"Location: /workspaceone/index.html\" || (banner=\"Location: /SAAS/apps/\" && banner=\"Content-Length: 0\") || (title=\"Workspace ONE Access\" && (body=\"content=\\\"VMware, Inc.\" || body=\"
Workspace ONE Access
\")) || title=\"VMware Workspace ONE® Assist\")", "GobyQuery": "(title=\"VMware Identity Manager\" || (body=\"/cfg/help/getHelpLink\" && body=\"

VMware Identity Manager Portal\"))||(banner=\"Location: /workspaceone/index.html\" || (banner=\"Location: /SAAS/apps/\" && banner=\"Content-Length: 0\") || (title=\"Workspace ONE Access\" && (body=\"content=\\\"VMware, Inc.\" || body=\"
Workspace ONE Access
\")) || title=\"VMware Workspace ONE® Assist\")", "Level": "3", "Impact": "

VMware Workspace ONE Access and Identity Manager contain a remote command execution vulnerability caused by server-side template injection, which unauthenticated attackers can exploit to execute arbitrary code remotely.

", "Recommendation": "

The vendor has released a patch. For details, see:

https://kb.vmware.com/s/article/88099

", "References": [ "https://fofa.so/" ], "Is0day": true, "HasExp": true, "ExpParams": [ { "name": "cmd", "type": "input", "value": "whoami", "show": "" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": null, "ExploitSteps": null, "Tags": [ "rce" ], "VulType": [ "rce" ], "CVEIDs": [ "CVE-2022-22954" ], "CNNVD": [ "" ], "CNVD": [ "" ], "CVSSScore": "9.8", "Translation": { "CN": { "Name": "VMware Workspace ONE Access 及 Identity Manager 任意命令执行漏洞(CVE-2022-22954)", "Product": "VMware Workspace ONE Access", "Description": "

VMware Workspace ONE 是一款智慧导向的数位工作区平台,可让您随时随地在任何装置上以简单又安全的方式,交付及管理各种应用程式。

VMware Workspace ONE Access Identity Manager 存在一个由服务器模板注入导致的远程命令执行漏洞,未经身份验证的攻击者可以利用此漏洞进行远程任意代码执行。 

", "Recommendation": "

目前官方已经发布更新补丁,请关注:

https://kb.vmware.com/s/article/88099

", "Impact": "

VMware Workspace ONE Access 及 Identity Manager 存在一个由服务器模板注入导致的远程命令执行漏洞,未经身份验证的攻击者可以利用此漏洞进行远程任意代码执行。 

", "VulType": [ "命令执⾏" ], "Tags": [ "命令执⾏" ] }, "EN": { "Name": "VMware Workspace ONE Access & Identity Manager Remote Code Execution (CVE-2022-22954)", "Product": "VMware Workspace ONE Access", "Description": "

VMware Workspace ONE is an intelligence-driven digital workspace platform that lets you deliver and manage applications anywhere, anytime, on any device, in a simple and secure way.

VMware Workspace ONE Access and Identity Manager contain a remote command execution vulnerability caused by server-side template injection, which unauthenticated attackers can exploit to execute arbitrary code remotely.

", "Recommendation": "

The vendor has released a patch. For details, see:

https://kb.vmware.com/s/article/88099

", "Impact": "

VMware Workspace ONE Access and Identity Manager contain a remote command execution vulnerability caused by server-side template injection, which unauthenticated attackers can exploit to execute arbitrary code remotely.

", "VulType": [ "Command Execution" ], "Tags": [ "Command Execution" ] } }, "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null } }