Lucene search
HistoryJul 13, 2022 - 7:15 p.m.
CVE-2022-22982
vcenter server
ssrf
cve-2022-22982
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
46.3%
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
Affected configurations
Node
vmwarecloud_foundationRange3.0–3.11
ORvmwarecloud_foundationRange4.0–4.3.1
ORvmwarevcenter_serverMatch6.5-
ORvmwarevcenter_serverMatch6.5a
ORvmwarevcenter_serverMatch6.5b
ORvmwarevcenter_serverMatch6.5c
ORvmwarevcenter_serverMatch6.5d
ORvmwarevcenter_serverMatch6.5e
ORvmwarevcenter_serverMatch6.5f
ORvmwarevcenter_serverMatch6.5update1
ORvmwarevcenter_serverMatch6.5update1b
ORvmwarevcenter_serverMatch6.5update1c
ORvmwarevcenter_serverMatch6.5update1d
ORvmwarevcenter_serverMatch6.5update1e
ORvmwarevcenter_serverMatch6.5update1g
ORvmwarevcenter_serverMatch6.5update2
ORvmwarevcenter_serverMatch6.5update2b
ORvmwarevcenter_serverMatch6.5update2c
ORvmwarevcenter_serverMatch6.5update2d
ORvmwarevcenter_serverMatch6.5update2g
ORvmwarevcenter_serverMatch6.5update3
ORvmwarevcenter_serverMatch6.5update3d
ORvmwarevcenter_serverMatch6.5update3f
ORvmwarevcenter_serverMatch6.5update3k
ORvmwarevcenter_serverMatch6.5update3n
ORvmwarevcenter_serverMatch6.5update3p
ORvmwarevcenter_serverMatch6.5update3q
ORvmwarevcenter_serverMatch6.5update3r
ORvmwarevcenter_serverMatch6.5update3s
ORvmwarevcenter_serverMatch6.7-
ORvmwarevcenter_serverMatch6.7a
ORvmwarevcenter_serverMatch6.7b
ORvmwarevcenter_serverMatch6.7d
ORvmwarevcenter_serverMatch6.7update1
ORvmwarevcenter_serverMatch6.7update1b
ORvmwarevcenter_serverMatch6.7update2
ORvmwarevcenter_serverMatch6.7update2a
ORvmwarevcenter_serverMatch6.7update2c
ORvmwarevcenter_serverMatch6.7update3
ORvmwarevcenter_serverMatch6.7update3a
ORvmwarevcenter_serverMatch6.7update3b
ORvmwarevcenter_serverMatch6.7update3f
ORvmwarevcenter_serverMatch6.7update3g
ORvmwarevcenter_serverMatch6.7update3j
ORvmwarevcenter_serverMatch6.7update3l
ORvmwarevcenter_serverMatch6.7update3m
ORvmwarevcenter_serverMatch6.7update3n
ORvmwarevcenter_serverMatch6.7update3o
ORvmwarevcenter_serverMatch6.7update3p
ORvmwarevcenter_serverMatch6.7update3q
ORvmwarevcenter_serverMatch7.0-
ORvmwarevcenter_serverMatch7.0a
ORvmwarevcenter_serverMatch7.0b
ORvmwarevcenter_serverMatch7.0c
ORvmwarevcenter_serverMatch7.0d
ORvmwarevcenter_serverMatch7.0update1
ORvmwarevcenter_serverMatch7.0update1a
ORvmwarevcenter_serverMatch7.0update1c
ORvmwarevcenter_serverMatch7.0update1d
ORvmwarevcenter_serverMatch7.0update2
ORvmwarevcenter_serverMatch7.0update2a
ORvmwarevcenter_serverMatch7.0update2b
ORvmwarevcenter_serverMatch7.0update2c
ORvmwarevcenter_serverMatch7.0update2d
ORvmwarevcenter_serverMatch7.0update3
ORvmwarevcenter_serverMatch7.0update3a
ORvmwarevcenter_serverMatch7.0update3c
ORvmwarevcenter_serverMatch7.0update3d
ORvmwarevcenter_serverMatch7.0update3e
CNA Affected
[
{
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.0 before 7.0 U3f, 6.7 before 6.7 U3r & 6.5 before 6.5 U3t)"
}
]
}
]Social References
More
Related
vmware
vmware
prion
prion
Server side request forgery (ssrf)
2022-07-13 19:15:00
nvd
nvd
CVE-2022-22982
2022-07-13 19:15:09
nessus
nessus
VMware vCenter Server 6.5 / 6.7 / 7.0 SSRF (VMSA-2022-0018)
2022-07-14 00:00:00
cvelist
cvelist
CVE-2022-22982
2022-07-13 18:18:58
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
46.3%
Related for CVE-2022-22982