Denial of Service Vulnerability in VMware vCenter Server
CVE-2022-31698

5.3MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Vcenter Server, Vmware Cloud Foundation
Vendor: CVE Published:; 13 December 2022

Summary

VMware vCenter Server is susceptible to a denial-of-service vulnerability affecting its content library service. A malicious user with network access to port 443 can exploit this weakness by sending specially crafted headers, potentially causing a service disruption. Organizations utilizing VMware's vCenter Server should take proactive measures to secure their environments against this vulnerability.

Affected Version(s)

VMware vCenter Server, VMware Cloud Foundation VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x)

References

https://www.vmware.com/security/advisories/VMSA-2022-0030...

https://www.talosintelligence.com/vulnerability_reports/T...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
May 25, 2022