XML External Entity Vulnerability in VMware Tools for Windows
CVE-2022-22977

7.1HIGH

Key Information:

Vendor: Vmware
Status: Vmware Tools For Windows
Vendor: CVE Published:; 24 May 2022

Summary

VMware Tools for Windows has a vulnerability that allows a malicious actor with non-administrative local user privileges to exploit an XML External Entity (XXE) issue. The exploitation could lead to a denial-of-service condition or unintended information disclosure, posing significant risks to system integrity and user data.

Affected Version(s)

VMware Tools for Windows VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y)

References

https://www.vmware.com/security/advisories/VMSA-2022-0015...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2022
Vulnerability Reserved
Jan 10, 2022