{"id":17988,"date":"2022-04-14T15:52:21","date_gmt":"2022-04-14T22:52:21","guid":{"rendered":"https:\/\/sn1persecurity.com\/wordpress\/?p=17988"},"modified":"2023-05-06T06:42:22","modified_gmt":"2023-05-06T13:42:22","slug":"vmware-workspace-one-access-freemarker-ssti-cve-2022-22954-detection-with-sn1per-professional","status":"publish","type":"post","link":"https:\/\/sn1persecurity.com\/wordpress\/vmware-workspace-one-access-freemarker-ssti-cve-2022-22954-detection-with-sn1per-professional\/","title":{"rendered":"VMware Workspace ONE Access freemarker SSTI (CVE-2022-22954) Detection with Sn1per Professional"},"content":{"rendered":"

Information regarding a critical 0-day vulnerability affecting the VMware<\/a> Workspace ONE Access and Identity Manager was disclosed<\/a> and designated CVE-2022-22954<\/a> which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers<\/strong>. On April 14th, CISA & US-Cert added CVE-2022-22954 to their catalog<\/a> of known exploited vulnerabilities after a number of Proof-of-Concept (PoC) exploits were published online<\/a> and exploit activity was actively observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional<\/a>.<\/p>\n

Severity: CRITICAL<\/span> | Exploit Available: Yes <\/span>| Exploitability: Easy <\/span>| Remotely Exploitable: Yes<\/span><\/strong><\/p>\n

<\/p>\n

Scanning for VMware Workspace ONE Access freemarker SSTI (CVE-2022-22954)<\/h4>\n

To detect the CVE-2022-22954<\/a> vulnerability using Sn1per Professional<\/a>, you will need to do the following:<\/p>\n

    \n
  1. Apply the template update from the Sn1per Professional “Updates<\/strong>” panel<\/li>\n
  2. Ensure that the “SC0PE_VULNERABLITY_SCANNER<\/strong>” is set to “1<\/strong>” in your Sn1per configuration<\/li>\n
  3. Run a scan of your network using the normal Sn1per scan process<\/li>\n<\/ol>\n

    After the scan finishes, you can then view all vulnerable instances from the Sn1per Professional<\/a> “Vulnerability Report Viewer<\/strong>“.<\/p>\n

    \"\"<\/a><\/p>\n

    \"\"<\/a><\/p>\n

     <\/p>\n

    \r\n\r\n<\/span>\r\nFacebook<\/span>\r\n\r\n0<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nTwitter<\/span>\r\n\r\n0<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nReddit<\/span>\r\n\r\n0<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nLinkedin<\/span>\r\n\r\n0<\/span>\r\n\r\n<\/a>\r\n\r\n<\/i><\/span><\/a>
    X<\/span>\r\n\r\n<\/span>\r\nEmail<\/span>\r\n0<\/span>\t\t\t\t\r\n\r\n<\/a>\r\n<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"

    Information regarding a critical 0-day vulnerability affecting the VMware Workspace ONE Access and Identity Manager was disclosed and designated CVE-2022-22954 which allows an […]<\/p>\n","protected":false},"author":1,"featured_media":17989,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[290,80,99,184,289,338],"tags":[317,318,52,38,42,37,108],"class_list":["post-17988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attack-surface-management","category-bug-bounties","category-cves","category-news","category-penetration-testing","category-threat-intelligence","tag-cve-2022-22954","tag-detection","tag-exploit","tag-professional","tag-scanner","tag-sn1per","tag-vulnerability"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-cve-2022-22954-detection1.png","jetpack_shortlink":"https:\/\/wp.me\/pdnW96-4G8","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":18193,"url":"https:\/\/sn1persecurity.com\/wordpress\/big-ip-icontrol-rest-rce-cve-2022-1388-detection-with-sn1per-professional\/","url_meta":{"origin":17988,"position":0},"title":"BIG-IP iControl REST RCE (CVE-2022-1388) Detection with Sn1per Professional","author":"xer0dayz","date":"May 10, 2022","format":false,"excerpt":"A critical vulnerability affecting the F5 BIG-IP devices was disclosed and designated CVE-2022-1388 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits were published online and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"Sn1per-CVE-2022-1388-Scanner1","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":18011,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-professional-v10-1-se-update-released\/","url_meta":{"origin":17988,"position":1},"title":"Sn1per Professional v10.1 SE Update Released!","author":"xer0dayz","date":"April 19, 2022","format":false,"excerpt":"Sn1per Professional v10.1 Scan Engine (SE) update is now available for Sn1per Professional v10.0 customers with a ton of new features and improvements. This update is part of the Sn1per Professional SE development branch which is exclusively available only to Sn1per Professional v10.0 customers. If you are a previous customer\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":17958,"url":"https:\/\/sn1persecurity.com\/wordpress\/spring4shell-cve-2022-22965-detection-with-sn1per-professional\/","url_meta":{"origin":17988,"position":2},"title":"Spring4Shell (CVE-2022-22965) Detection with Sn1per Professional","author":"xer0dayz","date":"April 11, 2022","format":false,"excerpt":"On March 30, 2022, information regarding a critical 0-day vulnerability affecting the Spring Framework was disclosed and dubbed \"Spring4Shell\" CVE-2022-22965 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"Sn1per-Spring4Shell-Scanner1","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":18544,"url":"https:\/\/sn1persecurity.com\/wordpress\/confluence-rce-ognl-template-injection-cve-2022-26134\/","url_meta":{"origin":17988,"position":3},"title":"Confluence RCE via OGNL template injection (CVE-2022-26134)","author":"xer0dayz","date":"June 5, 2022","format":false,"excerpt":"A critical vulnerability affecting the Atlassian Confluence was disclosed and designated CVE-2022-26134 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits were published online and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity has\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"Sn1per-CVE-2022-26134-detection1","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1per-CVE-2022-26134-detection1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1per-CVE-2022-26134-detection1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1per-CVE-2022-26134-detection1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1per-CVE-2022-26134-detection1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1per-CVE-2022-26134-detection1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1per-CVE-2022-26134-detection1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":26771,"url":"https:\/\/sn1persecurity.com\/wordpress\/cve-2024-21733-apache-tomcat-http-request-smuggling\/","url_meta":{"origin":17988,"position":4},"title":"CVE-2024-21733 Apache Tomcat HTTP Request Smuggling","author":"xer0dayz","date":"January 21, 2024","format":false,"excerpt":"Our security research team recently discovered a critical \"0day\" vulnerability which was assigned CVE-2024-21733. The vulnerability was discovered by xer0dayz from Sn1perSecurity LLC and allows attackers to force a victim's browser to de-synchronize its connection with websites hosted on top of Apache Tomcat, causing sensitive data to be smuggled from\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"CVE-2024-21733 Apache Tomcat HTTP Request Smuggling","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":26428,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-5-released\/","url_meta":{"origin":17988,"position":5},"title":"Sn1per Scan Engine v10.5 Released!","author":"xer0dayz","date":"January 1, 2024","format":false,"excerpt":"Sn1per SE (Scan Engine) v10.5 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per SE Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/17988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/comments?post=17988"}],"version-history":[{"count":11,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/17988\/revisions"}],"predecessor-version":[{"id":18192,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/17988\/revisions\/18192"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media\/17989"}],"wp:attachment":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media?parent=17988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/categories?post=17988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/tags?post=17988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}