ClickySkip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

VMware Workspace ONE Access vulnerabilities

This live blog contains information regarding vulnerabilities in VMware Workspace ONE Access. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on April 13, 2022.

Update April 13, 2022

14:00 | Recently, VMware has published Security Advisory VMSA-2022-0011 related to eight different CVEs in VMware Workspace ONE Access. Three of these CVE’s have a score of 9.8 and are the subject of this writing: one Remote Code Execution and two Authentication Bypass vulnerabilities.

The Remote Code Execution vulnerability also exists in the following related VMware products:  VMware Identity Manager, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

VMware has published patches. It is advised to apply these security patches as soon as possible.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Potential risk

For CVE-2022-22954, an attacker with network access to the solution, can trigger a server-side template injection that may result in a remote code execution. A Proof-of-concept exploit is available for this vulnerability.

CVE-2022-22955 and CVE-2022-22956 may allow an attacker to bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

Detail info

Recently, VMware has published Security Advisory VMSA-2022-0011 related to eight different CVEs in VMware Workspace ONE Access. Three of these CVE’s have a score of 9.8 and are the subject of this writing:

  • CVE-2022-22954 – Remote code execution
  • CVE-2022-22955 – Authentication bypass
  • CVE-2022-22956 – Authentication bypass

Vulnerability CVE-2022-22954 also exists in the following related VMware products:

  • VMware Identity Manager
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact. On the 12th of April 2022, a proof-of-concept exploit was published for CVE-2022-22954.

The following versions of VMware Workspace ONE Access Appliance are vulnerable to all three vulnerabilities:

  • 20.10.0.0
  • 20.10.0.1
  • 21.08.0.0
  • 21.08.0.1

Additionally, the following related VMware products are affected by CVE-2022-22954:

  • Identity Manager versions – 3.3.3 to 3.3.6
  • VMware Cloud Foundation versions – 4.x
  • vRealize Suite Lifecycle Manager versions – 8.x

VMware has published updates solving the vulnerabilities. It is strongly advised to upgrade as soon as possible. For more information and the download locations of the patches, please refer to the VMware Security Advisory

Background

More information:

Subscribe

Do you want to be informed in time? Sign up for our technical updates

Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.

Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.