CVE-2022-22954 – VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.
• https://github.com/sherlocksecurity/VMware-CVE-2022-22954
• https://github.com/bewhale/CVE-2022-22954
• https://github.com/MLX15/CVE-2022-22954
• https://github.com/orwagodfather/CVE-2022-22954
• https://github.com/jax7sec/CVE-2022-22954
• https://github.com/secfb/CVE-2022-22954
• https://github.com/tunelko/CVE-2022-22954-PoC
• https://github.com/bb33bb/CVE-2022-22954-VMware-RCE
• https://github.com/aniqfakhrul/CVE-2022-22954
• https://github.com/b4dboy17/CVE-2022-22954
• https://githu
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-22056
https://notcve.org/view.php?id=CVE-2021-22056
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
• https://www.vmware.com/security/advisories/VMSA-2021-0030.html
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-22057
https://notcve.org/view.php?id=CVE-2021-22057
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.
• https://www.vmware.com/security/advisories/VMSA-2021-0030.html