VMware Workspace ONE Access vulnerabilities

For CVE-2022-22954, an attacker with network access to the solution, can trigger a server-side template injection that may result in a remote code execution. A Proof-of-concept exploit is available for this vulnerability.

CVE-2022-22955 and CVE-2022-22956 may allow an attacker to bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

‍

Recently, VMware has published Security Advisory VMSA-2022-0011 related to eight different CVEs in VMware Workspace ONE Access. Three of these CVE’s have a score of 9.8 and are the subject of this writing:

• CVE-2022-22954 – Remote code execution
• CVE-2022-22955 – Authentication bypass
• CVE-2022-22956 – Authentication bypass

Vulnerability CVE-2022-22954 also exists in the following related VMware products:

• VMware Identity Manager
• VMware Cloud Foundation
• vRealize Suite Lifecycle Manager

The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact. On the 12th of April 2022, a proof-of-concept exploit was published for CVE-2022-22954.

The following versions of VMware Workspace ONE Access Appliance are vulnerable to all three vulnerabilities:

• 20.10.0.0
• 20.10.0.1
• 21.08.0.0
• 21.08.0.1

Additionally, the following related VMware products are affected by CVE-2022-22954:

• Identity Manager versions – 3.3.3 to 3.3.6
• VMware Cloud Foundation versions – 4.x
• vRealize Suite Lifecycle Manager versions – 8.x

VMware has published updates solving the vulnerabilities. It is strongly advised to upgrade as soon as possible. For more information and the download locations of the patches, please refer to the VMware Security Advisory

‍

More information:

• VMware security Advisory

‍