Headline

CVE-2022-22982: VMSA-2022-0018

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

2 years ago

CVE

Open in Source

#vulnerability #ssrf #vmware

Advisory ID: VMSA-2022-0018

CVSSv3 Range: 5.3

Issue Date: 2022-07-12

Updated On: 2022-07-12 (Initial Advisory)

CVE(s): CVE-2022-22982

Synopsis: VMware vCenter Server updates address a server-side request forgery vulnerability (CVE-2022-22982)

Share this page on social media

****1. Impacted Products****

VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)

****2. Introduction****

A server-side request forgery (SSRF) vulnerability in VMware vCenter Server was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

****3. vCenter Server SSRF vulnerability (CVE-2022-22982)****

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

To remediate CVE-2022-22982 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

VMware would like to thank pwnull for reporting this issue to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

vCenter Server