• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
critical vmware workspace one access flaw under active exploitation in

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

You are here: Home / General Cyber Security News / Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild
April 14, 2022

A 7 days after VMware produced patches to remediate eight security vulnerabilities in VMware Workspace 1 Entry, danger actors have begun to actively exploit just one of the critical flaws in the wild.

Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-aspect template injection in VMware Workspace One particular Obtain and Identification Supervisor. The bug is rated 9.8 in severity.

CyberSecurity

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“A malicious actor with network entry can cause a server-aspect template injection that may final result in distant code execution,” the organization noted in its advisory.

The virtualization solutions supplier has given that revised its bulletin to alert shoppers of confirmed exploitation of CVE-2022-22954 occurring in the wild. Cybersecurity agency Lousy Packets also corroborated that it detected tries to weaponize the vulnerability.

Supply: Negative Packets

It is really worth noting that the patches transported final week deal with 7 additional vulnerabilities in VMware Workspace One particular Entry, VMware Identification Supervisor, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Supervisor, 4 of which are rated Critical, two are rated Crucial, and a single is rated Reasonable.

In gentle of recurring exploitation of VMWare goods by country-point out groups and cyber prison actors, it is advisable that consumers shift swiftly to enhance to the hottest version.

“This critical vulnerability must be patched or mitigated promptly,” VMware cautioned previous week. “The ramifications of this vulnerability are major.”

Identified this posting attention-grabbing? Abide by THN on Facebook, Twitter  and LinkedIn to read through additional unique articles we submit.


Some components of this post are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Wind Turbine Giant Nordex Hit By Cyber-Attack
Next Post: U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware u.s. warns of apt hackers targeting ics/scada systems with specialized»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • CISA Unveils Ransomware Notification Initiative
  • WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
  • GitHub Updates Security Protocol For Operations Over SSH
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet

Copyright © TheCyberSecurity.News, All Rights Reserved.