CVE-2022-31698

5.3MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Vcenter Server, Vmware Cloud Foundation
Vendor: CVE Published:; 13 December 2022

Summary

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

Affected Version(s)

VMware vCenter Server, VMware Cloud Foundation VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x)

References

https://www.vmware.com/security/advisories/VMSA-2022-0030...

https://www.talosintelligence.com/vulnerability_reports/T...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
May 25, 2022