VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0011)

critical Nessus Plugin ID 159548

Synopsis

An identity store broker application running on the remote host is affected by multiple vulnerabilities.

Description

The VMware Workspace One Access (formerly VMware Identity Manager) application running on the remote host is affected by the following vulnerabilities:

- Server-side Template Injection Remote Code Execution Vulnerability (CVE-2022-22954)
- OAuth2 ACS Authentication Bypass Vulnerabilities (CVE-2022-22955, CVE-2022-22956)
- JDBC Injection Remote Code Execution Vulnerabilities (CVE-2022-22957, CVE-2022-22958)
- Cross Site Request Forgery Vulnerability (CVE-2022-22959)
- Local Privilege Escalation Vulnerability (CVE-2022-22960)
- Information Disclosure Vulnerability (CVE-2022-22961)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version.

Solution

Apply the HW-154129 hotfix to VMware Workspace One Access / VMware Identity Manager as per the VMSA-2022-0011 advisory.

See Also

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

https://kb.vmware.com/s/article/88099

Plugin Details

Severity: Critical

ID: 159548

File Name: vmware_workspace_one_access_VMSA-2022-0011.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 4/6/2022

Updated: 12/5/2022

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2022-22954

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-22956

Vulnerability Information

CPE: cpe:/a:vmware:workspace_one_access, cpe:/a:vmware:identity_manager

Required KB Items: installed_sw/VMware Workspace ONE Access

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/6/2022

Vulnerability Publication Date: 4/6/2022

CISA Known Exploited Dates: 5/5/2022, 5/6/2022

Exploitable With

Metasploit (VMware Workspace ONE Access CVE-2022-22954)

Reference Information

CVE: CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961

VMSA: 2022-0011

IAVA: 2022-A-0136-S

CEA-ID: CEA-2022-0012