Vulnerability-Lookup

CVE-2022-22982 (GCVE-0-2022-22982)

Vulnerability from cvelistv5 – Published: 2022-07-13 18:18 – Updated: 2024-08-03 03:28

Summary

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

Severity ?

No CVSS data available.

CWE

Server-side request forgery vulnerability

Assigner

vmware

References

URL

	Vendor	Product	Version
	n/a	VMware vCenter Server	Affected: VMware vCenter Server (7.0 before 7.0 U3f, 6.7 before 6.7 U3r & 6.5 before 6.5 U3t)

GSD-2022-22982

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-22982

Aliases

CVE-2022-22982

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-22982",
    "description": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.",
    "id": "GSD-2022-22982"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-22982"
      ],
      "details": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.",
      "id": "GSD-2022-22982",
      "modified": "2023-12-13T01:19:29.456168Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "ID": "CVE-2022-22982",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "VMware vCenter Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "VMware vCenter Server (7.0 before 7.0 U3f, 6.7 before 6.7 U3r \u0026 6.5 before 6.5 U3t)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Server-side request forgery vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html",
            "refsource": "MISC",
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3o:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.11",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.1",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3p:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.7:update3q:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22982"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-918"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-07-20T15:11Z",
      "publishedDate": "2022-07-13T19:15Z"
    }
  }
}

GHSA-CVX4-254W-9PPG

Vulnerability from github – Published: 2022-07-14 00:00 – Updated: 2022-07-21 00:00

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-22982"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-13T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.",
  "id": "GHSA-cvx4-254w-9ppg",
  "modified": "2022-07-21T00:00:31Z",
  "published": "2022-07-14T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22982"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2022-AVI-638

Vulnerability from certfr_avis - Published: 2022-07-15 - Updated: 2022-07-15

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	vCenter Server	vCenter Server version 6.7 antérieure à 6.7 U3r
VMware	N/A	Cloud Foundation (vCenter Server) versions 3.x
VMware	N/A	Cloud Foundation (ESXi) versions 4.x sans le correctif de sécurité KB88695
VMware	N/A	VMware vRealize Log Insight versions 8.x antérieures à 8.8.2
VMware	ESXi	ESXi version 7.0 sans le correctif de sécurité ESXi70U3sf-20036586
VMware	vCenter Server	vCenter Server version 6.5 antérieure à 6.5 U3t
VMware	ESXi	ESXi version 6.7 sans le correctif de sécurité ESXi670-202207401-SG
VMware	ESXi	ESXi version 6.5 sans le correctif de sécurité ESXi650-202207401-SG
VMware	N/A	Cloud Foundation (vCenter Server) versions 4.x sans le correctif de sécurité KB88287
VMware	vCenter Server	vCenter Server version 7.0 antérieure à 7.0 U3f
VMware	N/A	Cloud Foundation (ESXi) versions 3.x sans le correctif de sécurité KB88927

References

Title

Publication Time

FKIE_CVE-2022-22982

Vulnerability from fkie_nvd - Published: 2022-07-13 19:15 - Updated: 2024-11-21 06:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@vmware.com	https://www.vmware.com/security/advisories/VMSA-2022-0018.html	Release Notes, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.vmware.com/security/advisories/VMSA-2022-0018.html	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	cloud_foundation	*
vmware	cloud_foundation	*
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.5
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	6.7
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0
vmware	vcenter_server	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5BAF38C-348A-46F6-A1D4-1625D68EDD5A",
              "versionEndIncluding": "3.11",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "326A2867-797D-4AA9-8D2C-43E8CDA0BCFC",
              "versionEndIncluding": "4.3.1",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
              "matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
              "matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
              "matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
              "matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
              "matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
              "matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
              "matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
              "matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
              "matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
              "matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
              "matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
              "matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
              "matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
              "matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
              "matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
              "matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
              "matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
              "matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
              "matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
              "matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
              "matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
              "matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
              "matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
              "matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*",
              "matchCriteriaId": "70A9244F-2C9C-4D7D-B384-08DDF95770DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*",
              "matchCriteriaId": "2CBEA4F8-CBA3-4C71-96B3-47489F0D299C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
              "matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
              "matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
              "matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
              "matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
              "matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
              "matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
              "matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
              "matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
              "matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
              "matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
              "matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
              "matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
              "matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
              "matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
              "matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
              "matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*",
              "matchCriteriaId": "02AE5983-CD14-4EAF-9F5C-1281E3DE7F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3o:*:*:*:*:*:*",
              "matchCriteriaId": "EFDDF4CA-1C20-430E-A17C-CC2998F8BDDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3p:*:*:*:*:*:*",
              "matchCriteriaId": "7D2B0FBA-8E4A-491E-8E22-AAD7DBB5FF5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3q:*:*:*:*:*:*",
              "matchCriteriaId": "126B4E78-DCE3-4375-80C9-3679F9BF107C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
              "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
              "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
              "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
              "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
              "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
              "matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
              "matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
              "matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
              "matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
              "matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
              "matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
              "matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
              "matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
              "matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
              "matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
    },
    {
      "lang": "es",
      "value": "El servidor vCenter contiene una vulnerabilidad de tipo server-side request forgery (SSRF). Un actor malicioso con acceso de red a 443 en el vCenter Server puede explotar este problema al acceder a una petici\u00f3n de URL fuera del vCenter Server o accediendo a un servicio interno"
    }
  ],
  "id": "CVE-2022-22982",
  "lastModified": "2024-11-21T06:47:44.170",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-13T19:15:09.607",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-22982 (GCVE-0-2022-22982)

GSD-2022-22982

GHSA-CVX4-254W-9PPG

CERTFR-2022-AVI-638

Solution

FKIE_CVE-2022-22982

Tags

Sightings

Nomenclature