I. Basic Information for CVE-2022-22954
Vulnerability Information
Vulnerability Title
N/A
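Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Code injection vulnerability in multiple VMware products
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
VMware Workspace ONE Access is a product from the US company VMware that combines user identity with factors such as device and network information to make intelligence-driven conditional access decisions for applications delivered by Workspace ONE. Multiple VMware products contain a code injection vulnerability that stems from improper input validation. A remote attacker can exploit it by sending a specially crafted HTTP request to perform server-side template injection.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)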
Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| - | VMware Workspace ONE Access and Identity Manager | Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. | - |

II. Public PoCs for CVE-2022-22954

| # | PoC Description | Source Link |
|---|---|---|
| 1 | Scans a single URL or a batch of URLs for CVE-2022-22954 | https://github.com/axingde/CVE-2022-22954-POC |
| 2 | POC for VMWARE CVE-2022-22954 | https://github.com/sherlocksecurity/VMware-CVE-2022-22954 |
| 3 | CVE-2022-22954 is a server-side template injection vulnerability in the VMware Workspace ONE Access and Identity Manager | https://github.com/Vulnmachines/VMWare_CVE-2022-22954 |
| 4 | None | https://github.com/aniqfakhrul/CVE-2022-22954 |
| 5 | Provides batch URL scanning and command execution. Workspace ONE Access template injection vulnerability allowing arbitrary code execution | https://github.com/jax7sec/CVE-2022-22954 |
| 6 | CVE-2022-22954-VMware-RCE batch detection PoC | https://github.com/bb33bb/CVE-2022-22954-VMware-RCE |
| 7 | None | https://github.com/lucksec/VMware-CVE-2022-22954 |
| 8 | None | https://github.com/mumu2020629/-CVE-2022-22954-scanner |
| 9 | Testing the CVE-2022-22954 vulnerability | https://github.com/MSeymenD/CVE-2022-22954-Testi |
| 10 | None | https://github.com/corelight/cve-2022-22954 |
| 11 | PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection | https://github.com/DrorDvash/CVE-2022-22954_VMware_PoC |
| 12 | VMware Workspace ONE Access remote code execution vulnerability / Code By: Jun_sheng | https://github.com/Jun-5heng/CVE-2022-22954 |
| 13 | VMware Workspace ONE Access and Identity Manager RCE via SSTI - Test script for shodan, file or manual. | https://github.com/tunelko/CVE-2022-22954-PoC |
| 14 | CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI vulnerability: command execution, batch detection script, file write | https://github.com/bewhale/CVE-2022-22954 |
| 15 | Proof of Concept for exploiting VMware CVE-2022-22954 | https://github.com/tyleraharrison/VMware-CVE-2022-22954-Command-Injector |
| 16 | CVE-2022-22954 VMware Workspace ONE Access free marker SSTI | https://github.com/MLX15/CVE-2022-22954 |
| 17 | None | https://github.com/mhurts/CVE-2022-22954-POC |
| 18 | CVE-2022-22954 analyst | https://github.com/nguyenv1nK/CVE-2022-22954 |
| 19 | Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960 | https://github.com/Chocapikk/CVE-2022-22954 |
| 20 | Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960 | https://github.com/secfb/CVE-2022-22954 |
| 21 | None | https://github.com/orwagodfather/CVE-2022-22954 |
| 22 | VMware Workspace ONE Access and Identity Manager RCE via SSTI. CVE-2022-22954 - PoC SSTI * exploit+payload+shodan (well, as a set) | https://github.com/b4dboy17/CVE-2022-22954 |
| 23 | Practising technical writing with researching CVE-2022-22954 VMware Workspace ONE Access RCE vulnerability. | https://github.com/arzuozkan/CVE-2022-22954 |
| 24 | I'm trying | https://github.com/1SeaMy/CVE-2022-22954 |
| 25 | None | https://github.com/amit-pathak009/CVE-2022-22954 |
| 26 | None | https://github.com/amit-pathak009/CVE-2022-22954-PoC |
| 27 | A comprehensive exploitation tool for vCenter covering the most common current issues: CVE-2021-21972, CVE-2021-21985 and CVE-2021-22005, One Access's CVE-2022-22954 and CVE-2022-22972/31656, and log4j; offers one-click webshell upload, command execution, or public key upload for passwordless SSH login | https://github.com/Schira4396/VcenterKiller |
| 28 | None | https://github.com/lolminerxmrig/CVE-2022-22954_ |
| 29 | None | https://github.com/Jhonsonwannaa/CVE-2022-22954 |
| 30 | Proof of Concept for exploiting VMware CVE-2022-22954 | https://github.com/emilyastranova/VMware-CVE-2022-22954-Command-Injector |
| 31 | VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22954.yaml |
| 32 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/VMware%20Workspace%20ONE%20Access%20SSTI%E6%BC%8F%E6%B4%9E%20CVE-2022-22954.md |