Lucene search
HistoryJul 13, 2022 - 7:15 p.m.
CVE-2022-22982
cve-2022-22982
vcenter server
ssrf
vulnerability
network access
443
exploit
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
46.3%
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
Affected configurations
Node
vmwarecloud_foundationRange3.0–3.11
ORvmwarecloud_foundationRange4.0–4.3.1
ORvmwarevcenter_serverMatch6.5-
ORvmwarevcenter_serverMatch6.5a
ORvmwarevcenter_serverMatch6.5b
ORvmwarevcenter_serverMatch6.5c
ORvmwarevcenter_serverMatch6.5d
ORvmwarevcenter_serverMatch6.5e
ORvmwarevcenter_serverMatch6.5f
ORvmwarevcenter_serverMatch6.5update1
ORvmwarevcenter_serverMatch6.5update1b
ORvmwarevcenter_serverMatch6.5update1c
ORvmwarevcenter_serverMatch6.5update1d
ORvmwarevcenter_serverMatch6.5update1e
ORvmwarevcenter_serverMatch6.5update1g
ORvmwarevcenter_serverMatch6.5update2
ORvmwarevcenter_serverMatch6.5update2b
ORvmwarevcenter_serverMatch6.5update2c
ORvmwarevcenter_serverMatch6.5update2d
ORvmwarevcenter_serverMatch6.5update2g
ORvmwarevcenter_serverMatch6.5update3
ORvmwarevcenter_serverMatch6.5update3d
ORvmwarevcenter_serverMatch6.5update3f
ORvmwarevcenter_serverMatch6.5update3k
ORvmwarevcenter_serverMatch6.5update3n
ORvmwarevcenter_serverMatch6.5update3p
ORvmwarevcenter_serverMatch6.5update3q
ORvmwarevcenter_serverMatch6.5update3r
ORvmwarevcenter_serverMatch6.5update3s
ORvmwarevcenter_serverMatch6.7-
ORvmwarevcenter_serverMatch6.7a
ORvmwarevcenter_serverMatch6.7b
ORvmwarevcenter_serverMatch6.7d
ORvmwarevcenter_serverMatch6.7update1
ORvmwarevcenter_serverMatch6.7update1b
ORvmwarevcenter_serverMatch6.7update2
ORvmwarevcenter_serverMatch6.7update2a
ORvmwarevcenter_serverMatch6.7update2c
ORvmwarevcenter_serverMatch6.7update3
ORvmwarevcenter_serverMatch6.7update3a
ORvmwarevcenter_serverMatch6.7update3b
ORvmwarevcenter_serverMatch6.7update3f
ORvmwarevcenter_serverMatch6.7update3g
ORvmwarevcenter_serverMatch6.7update3j
ORvmwarevcenter_serverMatch6.7update3l
ORvmwarevcenter_serverMatch6.7update3m
ORvmwarevcenter_serverMatch6.7update3n
ORvmwarevcenter_serverMatch6.7update3o
ORvmwarevcenter_serverMatch6.7update3p
ORvmwarevcenter_serverMatch6.7update3q
ORvmwarevcenter_serverMatch7.0-
ORvmwarevcenter_serverMatch7.0a
ORvmwarevcenter_serverMatch7.0b
ORvmwarevcenter_serverMatch7.0c
ORvmwarevcenter_serverMatch7.0d
ORvmwarevcenter_serverMatch7.0update1
ORvmwarevcenter_serverMatch7.0update1a
ORvmwarevcenter_serverMatch7.0update1c
ORvmwarevcenter_serverMatch7.0update1d
ORvmwarevcenter_serverMatch7.0update2
ORvmwarevcenter_serverMatch7.0update2a
ORvmwarevcenter_serverMatch7.0update2b
ORvmwarevcenter_serverMatch7.0update2c
ORvmwarevcenter_serverMatch7.0update2d
ORvmwarevcenter_serverMatch7.0update3
ORvmwarevcenter_serverMatch7.0update3a
ORvmwarevcenter_serverMatch7.0update3c
ORvmwarevcenter_serverMatch7.0update3d
ORvmwarevcenter_serverMatch7.0update3e
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vmware | cloud_foundation | * | cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:* |
| vmware | vcenter_server | 6.5 | cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:* |
Related
vmware
vmware
prion
prion
Server side request forgery (ssrf)
2022-07-13 19:15:00
cve
cve
CVE-2022-22982
2022-07-13 19:15:09
cvelist
cvelist
CVE-2022-22982
2022-07-13 18:18:58
nessus
nessus
VMware vCenter Server 6.5 / 6.7 / 7.0 SSRF (VMSA-2022-0018)
2022-07-14 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
46.3%
Related for NVD:CVE-2022-22982