CVE-2022-22982

Published on: Not Yet Published

Last Modified on: 07/20/2022 03:11:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of Cloud Foundation from VMware contain the following vulnerability:

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

  • CVE-2022-22982 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVE References

Description: VMSA-2022-0018 (www.vmware.com, text/html)
Tags: MISC
Link: www.vmware.com/security/advisories/VMSA-2022-0018.html

Related QID Numbers

  • 216288 VMware vCenter Server 6.5 Update 6.5 U3T (VMSA-2022-0018)
  • 216289 VMware vCenter Server 6.7 Update 6.7 U3R (VMSA-2022-0018)
  • 216290 VMware vCenter Server 7.0 Update 7.0 U3F (VMSA-2022-0018)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Vmware | Cloud Foundation | All | All | All | All
Application | Vmware | Cloud Foundation | All | All | All | All
Application | Vmware | Vcenter Server | 6.5 | - | All | All
Application | Vmware | Vcenter Server | 6.5 | a | All | All
Application | Vmware | Vcenter Server | 6.5 | b | All | All
Application | Vmware | Vcenter Server | 6.5 | c | All | All
Application | Vmware | Vcenter Server | 6.5 | d | All | All
Application | Vmware | Vcenter Server | 6.5 | e | All | All
Application | Vmware | Vcenter Server | 6.5 | f | All | All
Application | Vmware | Vcenter Server | 6.5 | update1 | All | All
Application | Vmware | Vcenter Server | 6.5 | update1b | All | All
Application | Vmware | Vcenter Server | 6.5 | update1c | All | All
Application | Vmware | Vcenter Server | 6.5 | update1d | All | All
Application | Vmware | Vcenter Server | 6.5 | update1e | All | All
Application | Vmware | Vcenter Server | 6.5 | update1g | All | All
Application | Vmware | Vcenter Server | 6.5 | update2 | All | All
Application | Vmware | Vcenter Server | 6.5 | update2b | All | All
Application | Vmware | Vcenter Server | 6.5 | update2c | All | All
Application | Vmware | Vcenter Server | 6.5 | update2d | All | All
Application | Vmware | Vcenter Server | 6.5 | update2g | All | All
Application | Vmware | Vcenter Server | 6.5 | update3 | All | All
Application | Vmware | Vcenter Server | 6.5 | update3d | All | All
Application | Vmware | Vcenter Server | 6.5 | update3f | All | All
Application | Vmware | Vcenter Server | 6.5 | update3k | All | All
Application | Vmware | Vcenter Server | 6.5 | update3n | All | All
Application | Vmware | Vcenter Server | 6.5 | update3p | All | All
Application | Vmware | Vcenter Server | 6.5 | update3q | All | All
Application | Vmware | Vcenter Server | 6.5 | update3r | All | All
Application | Vmware | Vcenter Server | 6.5 | update3s | All | All
Application | Vmware | Vcenter Server | 6.7 | - | All | All
Application | Vmware | Vcenter Server | 6.7 | a | All | All
Application | Vmware | Vcenter Server | 6.7 | b | All | All
Application | Vmware | Vcenter Server | 6.7 | d | All | All
Application | Vmware | Vcenter Server | 6.7 | update1 | All | All
Application | Vmware | Vcenter Server | 6.7 | update1b | All | All
Application | Vmware | Vcenter Server | 6.7 | update2 | All | All
Application | Vmware | Vcenter Server | 6.7 | update2a | All | All
Application | Vmware | Vcenter Server | 6.7 | update2c | All | All
Application | Vmware | Vcenter Server | 6.7 | update3 | All | All
Application | Vmware | Vcenter Server | 6.7 | update3a | All | All
Application | Vmware | Vcenter Server | 6.7 | update3b | All | All
Application | Vmware | Vcenter Server | 6.7 | update3f | All | All
Application | Vmware | Vcenter Server | 6.7 | update3g | All | All
Application | Vmware | Vcenter Server | 6.7 | update3j | All | All
Application | Vmware | Vcenter Server | 6.7 | update3l | All | All
Application | Vmware | Vcenter Server | 6.7 | update3m | All | All
Application | Vmware | Vcenter Server | 6.7 | update3n | All | All
Application | Vmware | Vcenter Server | 6.7 | update3o | All | All
Application | Vmware | Vcenter Server | 6.7 | update3p | All | All
Application | Vmware | Vcenter Server | 6.7 | update3q | All | All
Application | Vmware | Vcenter Server | 7.0 | - | All | All
Application | Vmware | Vcenter Server | 7.0 | a | All | All
Application | Vmware | Vcenter Server | 7.0 | b | All | All
Application | Vmware | Vcenter Server | 7.0 | c | All | All
Application | Vmware | Vcenter Server | 7.0 | d | All | All
Application | Vmware | Vcenter Server | 7.0 | update1 | All | All
Application | Vmware | Vcenter Server | 7.0 | update1a | All | All
Application | Vmware | Vcenter Server | 7.0 | update1c | All | All
Application | Vmware | Vcenter Server | 7.0 | update1d | All | All
Application | Vmware | Vcenter Server | 7.0 | update2 | All | All
Application | Vmware | Vcenter Server | 7.0 | update2a | All | All
Application | Vmware | Vcenter Server | 7.0 | update2b | All | All
Application | Vmware | Vcenter Server | 7.0 | update2c | All | All
Application | Vmware | Vcenter Server | 7.0 | update2d | All | All
Application | Vmware | Vcenter Server | 7.0 | update3 | All | All
Application | Vmware | Vcenter Server | 7.0 | update3a | All | All
Application | Vmware | Vcenter Server | 7.0 | update3c | All | All
Application | Vmware | Vcenter Server | 7.0 | update3d | All | All
Application | Vmware | Vcenter Server | 7.0 | update3e | All | All
  • cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3o:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3p:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:6.7:update3q:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*:

Social Mentions

Source | Title | Posted (UTC)
Twitter @sidfm_jp | Server-side request forgery issue in VMware vCenter Server (CVE-2022-22982) [42739] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2022-07-13 05:00:03
Twitter @CVEreport | CVE-2022-22982 : The vCenter Server contains a server-side request forgery #SSRF vulnerability. A malicious actor… twitter.com/i/web/status/1… | 2022-07-13 19:14:22
Reddit /r/netcve | CVE-2022-22982 | 2022-07-13 19:38:22
© CVE.report 2022