VMware has released Critical updates for VMware Workspace ONE Access, Identity Manager and vRealize that address multiple vulnerabilities. VMware also updated the advisory to confirm that there are known exploits in the wild for one of those vulnerabilities, CVE-2022-22954.
According to the VMware advisory VMSA-2022-0011, the updates address eight vulnerabilities, including the following Critical ones:
- CVE-2022-22954: Server-side Template Injection Remote Code Execution Vulnerability (CVSS 9.8)
- CVE-2022-22955, CVE-2022-22956: OAuth2 ACS Authentication Bypass Vulnerabilities (CVSS 9.8)
- CVE-2022-22957, CVE-2022-22958: JDBC Injection Remote Code Execution Vulnerabilities (CVSS 9.8)
Moreover, VMware also patched two High and one Medium severity vulnerability.
One of the most severe of the Critical vulnerabilities is a VMware Workspace ONE Access and Identity Manager remote code execution vulnerability, CVE-2022-22954, caused by a server-side template injection.
Since the original publication on April 6, 2022, VMware has confirmed “that exploitation of CVE-2022-22954 has occurred in the wild.” CISA also added the vulnerability to its Known Exploited Vulnerabilities Catalog.
Two of the other Critical vulnerabilities (CVE-2022-22955 and CVE-2022-22956) could allow a malicious actor to bypass the authentication mechanism and execute any operation, due to exposed endpoints in the authentication framework.
Finally, VMware also addressed two Important VMware Horizon Client for Linux privilege escalation vulnerabilities (CVE-2022-22962, CVE-2022-22964).
Update: This article was originally published on April 7, 2022, and was updated on April 14, 2022 with new information on the in-the-wild exploitation of CVE-2022-22954.