Patch VMware Workspace ONE Access and Identity Manager RCE Vulnerability (CVE-2022-22954)

Brenda Gratas September 10, 2022

VMware disclosed a critical remote code execution vulnerability, CVE-2022-22954, that impacts VMware Workspace ONE Access and Identity Manager.

Exploiting this vulnerability could allow attackers to gain complete control over systems, leading to data theft, malware installation, and operational disruption. Organizations must apply the patches promptly to protect their devices.

In this article, we’ll provide comprehensive insights into the CVE-2022-22954 vulnerability, its associated risks, and the measures available to safeguard vulnerable systems, including the use of InvGate Insight to simplify Patch Management.

Read on to learn how to protect your organization from potential threats. 

About CVE-2022-22954

CVE-2022-22954 is a server-side template injection vulnerability in VMware Workspace ONE Access and Identity Manager that can be triggered by a malicious actor with network access to achieve remote code execution (RCE).

The vulnerability, which has been exploited in the wild, has a CVSSv3 base score of 9.8, which is rated critical.

CVE-2022-22954 can be exploited by sending a specially crafted HTTP GET request to a vulnerable server, resulting in RCE on the server.

What are the risks of CVE-2022-22954?

An attacker who successfully exploits the vulnerability could take complete control of a vulnerable system, allowing them to steal data, install malware, or disrupt operations.

Is CVE-2022-22954 fixed?

Yes, VMware has released patches for CVE-2022-22954. Organizations that use VMware Workspace ONE Access or Identity Manager should apply them as soon as possible to protect their systems from attack.

How to find devices exposed to CVE-2022-22954

With InvGate Insight, you can quickly find devices that are exposed to the CVE-2022-22954 vulnerability. Follow these steps:

  1. Open InvGate Insight and go to the Explorer tab.
  2. Type in the Search bar “Software name, is:VMware Workspace ONE Access” or “Software name, is:VMware Identity Manager” to filter all devices with these software programs.
  3. Add another filter to the Search bar to see all devices missing the security patch. To do that, add the following filter: “Reported version, is not:” and paste VMware’s patched version (depending on your product, you’ll find the security update number on VMware’s webpage).
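The same two filters can be applied to an inventory export outside the tool. The script below is an added example, not InvGate or VMware code: the CSV column names, hostnames and version strings are constructed, and the patched versions are placeholders to be replaced with the values from VMware's advisory for each product.

```python
import csv
import io

# Software names exactly as used in the search filters above.
AFFECTED_PRODUCTS = ("VMware Workspace ONE Access", "VMware Identity Manager")

# Constructed inventory export; column names, hosts and versions are made up.
SAMPLE_EXPORT = """hostname,software_name,reported_version
idm-01,VMware Identity Manager,BUILD-OLD
wsa-01,VMware Workspace ONE Access,BUILD-PATCHED-WSA
wsa-02,VMware Workspace ONE Access,BUILD-OLD
wsa-03,VMware Workspace ONE Access,
web-01,Apache HTTP Server,BUILD-OLD
"""


def find_unpatched(export_text, patched_versions):
    """Return (hostname, product, version) for devices not on the patched version.

    patched_versions maps each product name to the fixed version taken from
    VMware's advisory for that product. Like the "is not:" filter, any other
    value is reported, including a blank one, so agents that failed to report
    a version are surfaced instead of silently passing.
    """
    missing = set(AFFECTED_PRODUCTS) - set(patched_versions)
    if missing:
        raise ValueError(f"no patched version supplied for: {sorted(missing)}")
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        product = row["software_name"].strip()
        if product not in AFFECTED_PRODUCTS:
            continue  # first filter: software name
        version = row["reported_version"].strip()
        if version != patched_versions[product]:  # second filter: version
            findings.append((row["hostname"], product, version or "<unknown>"))
    return findings


if __name__ == "__main__":
    # Placeholder values: replace with the versions from VMware's advisory.
    patched = {
        "VMware Workspace ONE Access": "BUILD-PATCHED-WSA",
        "VMware Identity Manager": "BUILD-PATCHED-IDM",
    }
    for host, product, version in find_unpatched(SAMPLE_EXPORT, patched):
        print(f"{host}: {product} reports {version}, patch missing")
```

Because the comparison is an exact "is not" match, a device already running a release newer than the patched one is also listed and needs a manual check.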


The bottom line

CVE-2022-22954 is a critical remote code execution vulnerability found in VMware Workspace ONE Access and Identity Manager. Exploiting this vulnerability could allow attackers to gain complete control over systems, leading to data theft, malware installation, and operational disruption. 

VMware has released patches to address this issue, and organizations are urged to apply them promptly for protection.

InvGate Insight offers a solution to identify devices exposed to CVE-2022-22954 easily, simplifying the patch management process. To experience its capabilities, request a 30-day free trial today and begin searching for vulnerable devices within your network.
