■■■■■ Zero-Day: CVE-2022-22954 Server-Side Template Injection in VMware Workspace ONE Access.
Successful exploitation could lead to RCE from an unauthenticated user via HTTP-POST request by chaining 2 exploits.
Patch ASAP!
We had reported earlier about the Zero-Day here: https://t.me/cKure/11024
https://twitter.com/ptswarm/status/1512083327884271619
https://t.me/cKure/11175