CVE-2022-22982: VMSA-2022-0018
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to port 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
Advisory ID: VMSA-2022-0018
CVSSv3 Range: 5.3
Issue Date: 2022-07-12
Updated On: 2022-07-12 (Initial Advisory)
CVE(s): CVE-2022-22982
Synopsis: VMware vCenter Server updates address a server-side request forgery vulnerability (CVE-2022-22982)
**1. Impacted Products**
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
**2. Introduction**
A server-side request forgery (SSRF) vulnerability in VMware vCenter Server was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
**3. vCenter Server SSRF vulnerability (CVE-2022-22982)**
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
A malicious actor with network access to port 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
To remediate CVE-2022-22982, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
VMware would like to thank pwnull for reporting this issue to us.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 7.0 | Any | CVE-2022-22982 | 5.3 | moderate | 7.0 U3f | None | None |
| vCenter Server | 6.7 | Any | CVE-2022-22982 | 5.3 | moderate | 6.7 U3r | None | None |
| vCenter Server | 6.5 | Any | CVE-2022-22982 | 5.3 | moderate | 6.5 U3t | None | None |
Impacted Product Suites that Deploy Response Matrix Components:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2022-22982 | 5.3 | moderate | KB88287 | None | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2022-22982 | 5.3 | moderate | Patch Pending | None | None |
**4. References**
**5. Change Log**
**2022-07-12 VMSA-2022-0018**
Initial security advisory.
**6. Contact**