A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild.
Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The bug is rated 9.8 in severity.
“A malicious actor with network access can cause a server-side template injection that may result in remote code execution,” the company noted in its advisory.
The virtualization services provider has since revised its bulletin to alert customers of confirmed exploitation of CVE-2022-22954 occurring in the wild. Cybersecurity firm Bad Packets also corroborated that it detected attempts to weaponize the vulnerability.
Source: Bad Packets
It is worth noting that the patches shipped last week address seven more vulnerabilities in VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, four of which are rated Critical, two are rated Important, and one is rated Moderate.
In light of recurring exploitation of VMware products by nation-state groups and cybercriminal actors, it is recommended that users move quickly to upgrade to the latest version.
“This critical vulnerability must be patched or mitigated promptly,” VMware cautioned last week. “The ramifications of this vulnerability are major.”