CVE-2022-22954

CriticalKnown ExploitedRansomware

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A…

vmware·CWE-94·Published 2022-04-11

CVSS

9.8

EPSS

1.00

KEV

Yes

Exploits

cve.orgen

258 chars

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

NVDen

258 chars

NVDes

325 chars

VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecución de código remota debido a una inyección de plantillas del lado del servidor. Un actor malicioso con acceso a la red puede desencadenar una inyección de plantillas del lado del servidor que puede resultar en la ejecución de código remota

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H