Description

VMware Workspace ONE Access is vulnerable to server side template injection, which could be used for remote code execution.

Remediation

Upgrade to the latest version of VMware Workspace ONE Access

References

VMSA-2022-0011: Questions and Answers

Related Vulnerabilities

Telerik Web UI Unrestricted File Upload (CVE-2017-11317)

Unauthenticated OGNL injection in Confluence Server and Data Center

Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)

Hashicorp Consul API is accessible without authentication

F5 BIG-IP Traffic Management User Interface (TMUI) RCE

Severity

High

Classification

CVE-2022-22954 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Server Side Template Injection Code Execution