CVE-2022-22954
Description
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Severity: CRITICAL
CVE ID: CVE-2022-22954
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-22954
Reference: Project Discovery GitHub
axingde
Scans a single URL or a batch of URLs to check whether they are affected by CVE-2022-22954
Reference: GitHub
sherlocksecurity
POC for VMWARE CVE-2022-22954
Reference: GitHub
Vulnmachines
CVE-2022-22954 is a server-side template injection vulnerability in the VMware Workspace ONE Access and Identity Manager
Reference: GitHub
aniqfakhrul
Reference: GitHub
jax7sec
Provides batch URL scanning and command execution. Workspace ONE Access template injection vulnerability that allows arbitrary code execution
Reference: GitHub
bb33bb
CVE-2022-22954-VMware-RCE batch detection PoC
Reference: GitHub
lucksec
Reference: GitHub
mumu2020629
Reference: GitHub
MSeymenD
Testing the CVE-2022-22954 vulnerability
Reference: GitHub
corelight
Reference: GitHub
DrorDvash
PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection
Reference: GitHub
Jun-5heng
VMware Workspace ONE Access remote code execution vulnerability / Code By: Jun_sheng
Reference: GitHub
tunelko
VMware Workspace ONE Access and Identity Manager RCE via SSTI - Test script for shodan, file or manual.
Reference: GitHub
bewhale
CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI vulnerability: command execution, batch detection script, file write
Reference: GitHub
emilyastranova
Proof of Concept for exploiting VMware CVE-2022-22954
Reference: GitHub
MLX15
CVE-2022-22954 VMware Workspace ONE Access free marker SSTI
Reference: GitHub
mhurts
Reference: GitHub
nguyenv1nK
CVE-2022-22954 analyst
Reference: GitHub
Chocapikk
Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960
Reference: GitHub
secfb
Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960
Reference: GitHub
orwagodfather
Reference: GitHub
b4dboy17
VMware Workspace ONE Access and Identity Manager RCE via SSTI. CVE-2022-22954 - PoC SSTI * exploit+payload+shodan (well, as a set)
Reference: GitHub
arzuozkan
Practising technical writing with researching CVE-2022-22954 VMware Workspace ONE Access RCE vulnerability.
Reference: GitHub
amit-pathak009
Reference: GitHub
amit-pathak009
Reference: GitHub
Schira4396
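A comprehensive exploitation tool for Vcenter covering the most common current issues: CVE-2021-21972, CVE-2021-21985 and CVE-2021-22005, One Access CVE-2022-22954 and CVE-2022-22972/31656, and log4j; provides one-click webshell upload, command execution, or public key upload for passwordless SSH access
Reference: GitHub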
lolminerxmrig
Reference: GitHub
Jhonsonwannaa
Reference: GitHub
Content on GitHub
W01fh4cker | watchers:897
VcenterKit
Vcenter Comprehensive Penetration and Exploitation Toolkit
Reference: GitHub
mamba-2021 | watchers:24
EXP-POC
A collection of POCs & EXPs written over time
Reference: GitHub
W01fh4cker | watchers:1133
Serein
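[Lazy person's tool] A graphical tool that batch-collects URLs and batch-runs various n-day checks against the collected URLs. Usable for SRC vulnerability hunting, CNVD vulnerability hunting, 0-day exploitation, building your own arsenal, and similar scenarios. Can batch-exploit Actively Exploited Atlassian Confluence 0Day CVE-2022-26134 and DedeCMS v5.7.87 SQL injection CVE-2022-23337.
Reference: GitHub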