CVE-2022-22954

CVE-2022-22954

Information

CVE_ID              : CVE-2022-22954
Severity            : CRITICAL
Published        : 2022-04-11T20:15:19.890
LastModified  : 2025-10-30T20:04:37.270
Updated          : 2025-10-30T20:04:37.270
Status              : Analyzed

Descriptions:

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.


Know Exploitability

Exploitability : False

Vendor Affected

linux

vmware

CVE-2022-22954

V4.0

V3.1

Score : 9.8
Severity : CRITICAL
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Exploitability : 3.9
Impact Score : 5.9

V3.0

V2.0

Score : 10.0
Severity : HIGH
Access Vector : NETWORK
Access Complexity : LOW
Authentication : NONE
Confidentiality Impact : COMPLETE
Integrity Impact : COMPLETE
Availability Impact : COMPLETE
Exploitability Score : 10.0
Impact Score : 10.0
References

http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954

Vendor Product
vmware
  • identity_manager3.3.3****
  • identity_manager3.3.4****
  • identity_manager3.3.5****
  • identity_manager3.3.6****
  • vrealize_automation7.6****
  • workspace_one_access20.10.0.0****
  • workspace_one_access20.10.0.1****
  • workspace_one_access21.08.0.0****
  • workspace_one_access21.08.0.1****
  • cloud_foundation*****
  • vrealize_suite_lifecycle_manager*****
linux
  • linux_kernel-****