Insecure Deserialization Vulnerability in VMware Hyperic Server
CVE-2022-38650

10CRITICAL

Key Information:

Vendor: Vmware
Status: Hyperic Server
Vendor: CVE Published:; 12 November 2022

Summary

A critical vulnerability exists in VMware Hyperic Server 5.8.6, allowing remote unauthenticated attackers to exploit insecure deserialization. This flaw can enable the execution of arbitrary code or malware, potentially compromising the Hyperic Server and affecting the host operating system using the privileges of the server process. This vulnerability specifically targets products that are no longer supported, increasing the risk for users who have not upgraded to a more secure version.

References

https://www.cyber.gov.au/acsc/view-all-content/alerts/mul...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 12, 2022
Vulnerability Reserved
Aug 22, 2022