QID 376633

Date Published: 2022-05-26

QID 376633: VMware Tools Extensible Markup Language (XML) External Entity (XXE) Vulnerability (VMSA-2022-0015)

VMware Tools is a suite of utilities that enhances the performance of the virtual machine guest operating system and improves management of the virtual machine running on VMware.

Affected Versions:
VMware Tools version from 10.x.x to 12.0.4.

QID Detection Logic:(Authenticated)
It checks for vulnerable version of VMware tools.

A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

CVSS V3 rated as Medium - 5.8 severity.

CVSS V2 rated as Medium - 5 severity.

Solution

To remediate this issue update to VMware Tools version VMware Tools 12.0.5
For more information please visit VMware advisory VMSA-2022-0015

Vendor References

VMSA-2022-0015 - www.vmware.com/security/advisories/VMSA-2022-0015.html

CVEs related to QID 376633

CVE-2022-22977 |

Software Advisories

Advisory ID	Software	Component	Link
VMSA-2022-0015			www.vmware.com/security/advisories/VMSA-2022-0015.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].