www.techtarget.com
2606:4700:4400::6812:2a27  Public Scan

URL: https://www.techtarget.com/searchsecurity/news/252515988/VMware-Workspace-One-flaw-actively-exploited-in-the-wild
Submission: On April 18 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET https://www.techtarget.com/search/query

<form action="https://www.techtarget.com/search/query" method="get" class="header-search">
  <label for="header-search-input" class="visuallyhidden">Search the TechTarget Network</label>
  <input class="header-search-input ui-autocomplete-input" id="header-search-input" autocomplete="off" type="text" name="q" placeholder="Search the TechTarget Network">
  <button aria-label="Search" class="header-search-submit"><i class="icon" data-icon="g"></i></button>
</form>

Text Content

News


VMWARE WORKSPACE ONE FLAW ACTIVELY EXPLOITED IN THE WILD




MULTIPLE THREAT INTELLIGENCE PROVIDERS HAVE DETECTED THREAT ACTIVITY RELATED TO
THE VMWARE WORKSPACE ONE FLAW, INCLUDING CRYPTOCURRENCY MINING ACTIVITY.

By Alexander Culafi, News Writer

Published: 14 Apr 2022

A critical vulnerability in VMware's Workspace One is under active exploitation,
the cloud software vendor said in a Wednesday security advisory update.



The vulnerability is CVE-2022-22954, a server-side template injection flaw
capable of remote code execution. It affects Workspace One's Access and Identity
Manager, part of Workspace One's larger IT management suite. The flaw was
patched April 6 alongside seven others -- most of which were high or critical
severity. Workarounds are also available.

Complete details about CVE-2022-22954, CVE-2022-22955, CVE-2022-22956,
CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960 and
CVE-2022-22961 are available in VMware's security advisory.

What makes CVE-2022-22954 distinct from the other critical vulnerabilities is
that on Wednesday, VMware updated its advisory to confirm that the vulnerability
has been exploited in the wild. Earlier this week, multiple researchers
published proofs of concept, or POCs, of the exploit on Twitter -- at least one
of which is available in greater detail on GitHub.

Additionally, multiple threat intelligence providers have detected threat actor
activity resulting from the flaw this week, including Bad Packets and GreyNoise
Intelligence, as well as prominent threat researcher Daniel Card. Card tweeted
Wednesday -- the same day VMware confirmed exploitation -- that cryptocurrency
miners were being deployed, and to "expect ransomware soon."



VMware also released a workaround for CVE-2022-22954. However, the vendor noted
in a Q&A that the only way to fully remove the vulnerabilities is to patch them.

"Workarounds, while convenient, do not remove the vulnerabilities, and may
introduce additional complexities that patching would not," the Q&A read. "While
the decision to patch or use the workaround is yours, VMware always strongly
recommends patching as the simplest and most reliable way to resolve this
issue."

A VMware spokesperson shared the following statement with SearchSecurity:
"VMware has updated our March 6 security advisory to confirm that exploitation
of CVE-2022-22954 has occurred in the wild, and we continue to urge customers to
apply the patches or workarounds provided in the advisory, VMSA-2022-0011. The
security of our customers is a top priority, and VMware encourages customers to
deploy all our products in a security-hardened configuration and apply the
latest product updates for their environment."

Alexander Culafi is a writer, journalist and podcaster based in Boston.


