VMware Workspace ONE Access SSTI (CVE-2022-22954)
Description
VMware Workspace ONE Access and Identity Manager contain a server-side template injection (SSTI) vulnerability that allows unauthenticated attackers to execute arbitrary code remotely. This critical flaw exists in the template processing engine and can be exploited by sending specially crafted requests to vulnerable endpoints, enabling complete system compromise without requiring authentication.
Remediation
Apply security patches immediately by upgrading to the following versions or later:
• VMware Workspace ONE Access 21.08.0.1 or later
• VMware Identity Manager 3.3.6 or later
• VMware vRealize Automation 7.6.0.3 or later
• VMware Cloud Foundation 4.x - apply patches per VMSA-2022-0011
If immediate patching is not possible, implement network-level access controls to restrict access to the management interface to trusted IP addresses only. Monitor logs for suspicious template-related requests and unusual authentication patterns. Verify the integrity of existing systems, as this vulnerability may have been exploited prior to patching.
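One way to approach the log monitoring step, as an added example that is not part of the original advisory or any VMware tooling: the script decodes each request target (including double URL-encoding) and flags template-expression delimiters, grouped by source IP. The combined log format, the /app/ paths, the sample lines and the delimiter set are all assumptions for illustration and should be adapted to the appliance's real access logs.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines (assumed combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2022:10:01:02 +0000] "GET /app/login?user=alice HTTP/1.1" 200 512
198.51.100.9 - - [12/Apr/2022:10:01:05 +0000] "GET /app/view?id=%24%7Bprobe%7D HTTP/1.1" 400 0
198.51.100.9 - - [12/Apr/2022:10:01:09 +0000] "GET /app/view?id=%2524%257Bprobe%257D HTTP/1.1" 400 0
203.0.113.7 - - [12/Apr/2022:10:02:00 +0000] "GET /app/price?cur=$&amt=5 HTTP/1.1" 200 64
"""

# Source IP, method, request target and status from one log line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Generic template-expression delimiters (assumed set, not from the advisory).
MARKERS = re.compile(r"\$\{|#\{|<#|\{\{")


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded delimiters are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return {source_ip: [(request_target, status), ...]} for flagged requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue  # unparseable line: skip here, count it in production
        ip, _method, target, status = match.groups()
        if MARKERS.search(fully_decode(target)):
            hits[ip].append((target, int(status)))
    return dict(hits)


if __name__ == "__main__":
    for ip, requests in scan(SAMPLE_LOG).items():
        print(f"{ip}: {len(requests)} suspicious request(s)")
        for target, status in requests:
            print(f"  {status} {target}")
```

A flagged request that returned a success status on an unpatched system is a reason to prioritise the integrity check described above.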