CVE-2022-22954

Vulnerability Profile Updated 3 months ago

Download STIX

Preview STIX

CVE-2022-22954 is a significant software vulnerability that affects VMware's Workspace One Access and Identity Manager. This flaw in the software design or implementation allows for remote code execution, providing an attacker with the ability to execute arbitrary commands on the affected system. Over a 30-day period, there was a notable increase in the detection of this exploit, as illustrated by Figure 6: VMware.Workspace.ONE.Access.Catalog.Remote.Code.Execution (CVE-2022-22954) 30-day Daily Detection Count. This particular vulnerability was part of a trio of exploits that collectively accounted for nearly 90% of known cyber threats. The most prominent among these was Log4j (CVE-2021-44228), which constituted 44% of all known exploits. Alongside CVE-2022-22954, another significant threat was a BIG-IP F5 exploit (CVE-2022-1388). These three vulnerabilities together have been at the forefront of cybersecurity concerns. The combination of CVE-2022-22954 and another VMware vulnerability (CVE-2022-22960) ranked fourth in terms of threat severity. Despite not being the primary vulnerability, the potential harm from CVE-2022-22954 is substantial due to its capacity for remote code execution. Given the widespread use of VMware's Workspace One Access and Identity Manager, this vulnerability presents a considerable risk to many organizations and systems.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
vmware.workspace.one.access.catalog.remote.code.execution	1	None

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Exploits

Log4j

Exploit

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
CVE-2022-1388	Unspecified	2	CVE-2022-1388 is a critical vulnerability identified in the F5 BIG-IP iControl REST interface, which allows for an authentication bypass. This flaw in software design or implementation enables unauthorized users to gain access and control over the system without needing to authenticate their identit
Log4Shell	Unspecified	2	Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent
CVE-2022-22960	Unspecified	1	None
Proxyshell	Unspecified	1	ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. Identified as CVE-2021-34473, it is a flaw in software design or implementation that can be exploited by attackers to gain unauthorized access to systems. The vulnerability was actively exploited by threat actors, cau
vmware.workspace.one.access.catalog.remote.code.execution Cve-2022-22954	Unspecified	1	None
Follina	Unspecified	1	Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou
CVE-2021-44228	Unspecified	1	CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b

Source Document References

Information about the CVE-2022-22954 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
Malwarebytes	a year ago	2022's most routinely exploited vulnerabilities—history repeats
CERT-EU	a year ago	Unmasking the top exploited vulnerabilities of 2022 – GIXtools
BankInfoSecurity	a year ago	Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List
CERT-EU	a year ago	Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities
CERT-EU	a year ago	FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
CERT-EU	a year ago	Most exploited cyber vulnerabilities of 2022 revealed
CERT-EU	a year ago	CISA Advisory of Top 42 Frequently Exploited Flaws of 2022
BankInfoSecurity	a year ago	Patching Conundrum: 4-Year Old Flaw Again Tops Most-Hit List
Securityaffairs	a year ago	CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022
CERT-EU	a year ago	FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
CISA	a year ago	2022 Top Routinely Exploited Vulnerabilities \| CISA
CSO Online	a year ago	Fileless attacks surge as cybercriminals evade cloud security defenses
Fortinet	a year ago	2022 IoT Threat Review \| FortiGuard Labs
CERT-EU	a year ago	Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report
DARKReading	a year ago	3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022