{"uuid": "78a1e7b3-f043-4d93-8292-2206a519e8fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22954", "type": "exploited", "source": "https://t.me/VIEHGroup/68", "content": "CVE-2022-22954 Utilized by a state-sponsored group in the wild To infiltrate virtualization systems with Server Template Injection (SSTI)\n\npoc: \nhttps://github.com/sherlocksecurity/VMware-CVE-2022-22954\n\nShodan query for CVE-2022-22954\n\nhttp.favicon.hash:-1250474341\n\n\nPlease scan logs and stay safe\n\ngrep one liner.\n\ngrep -e \"/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%\" /opt/vmware/horizon/workspace/logs/*\n\n\nPlease add these IP addresses that scan the Internet space to a blacklist in the firewall\n\nis being exploited by a threat actor from China \ud83c\udde8\ud83c\uddf3 \nwith the IP of 117.89.211.135 and 60.166.67.164.", "creation_timestamp": "2022-04-13T15:42:56.000000Z"}