VMware.Workspace.ONE.Access.Catalog.Remote.Code.Execution

Description

This indicates an attack attempt against an Server Side Template Injection vulnerability in VMware Workspace ONE Access and Identity Manager.
The vulnerability is due to insufficient sanitizing of user supplied custom templates. A remote attacker can exploit this to execute arbitrary code within the context of the target system.

Outbreak Alert

Fortinet researchers observed VMware vulnerability (CVE-2022-22954) being exploited in the wild and leveraged to deliver multiple malware payloads such as cryptocurrency miners and ransomware on the affected machines. During August 2022, more than 50,000 devices were seen in attack attempts trying to exploit this vulnerability.

View the full Outbreak Alert Report

Affected Products

VMware Workspace ONE Access 20.10.0.1, 20.10.0.0, 21.08.0.1, 21.08.0.0
VMware Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3
VMware Cloud Foundation (vIDM) 4.x
vRealize Suite Lifecycle Manager (vIDM) 8.x

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.vmware.com/security/advisories/VMSA-2022-0011.html

References