April 11, 2022 at 02:48PM

■■■■■ Zero-Day: CVE-2022-22954 Server-Side Template Injection in VMware Workspace ONE Access.

Successful exploitation could lead to RCE from an unauthenticated user via HTTP-POST request by chaining 2 exploits.

Patch ASAP!

We had reported earlier about the Zero-Day here: https://t.me/cKure/11024

https://twitter.com/ptswarm/status/1512083327884271619

https://t.me/cKure/11175