CVE-2022-22966

4 documents4 sources

Severity

7.2HIGH

EPSS

9.9%

top 6.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vcloud Director

Timeline

PublishedApr 14

Latest updateApr 15

Description

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDvmware/vcloud_director10.1.0 — 10.1.4.1+2

▶CVEListV5vmware_cloud_directorVMware Cloud Director versions prior to 10.3.3, 10.2.2.3, 10.1.4.1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-vjxq-3835-4p27: An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote↗2022-04-15

▶

CVEList

CVE-2022-22966: An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote↗2022-04-14

▶

📋Vendor Advisories

VMware

VMware Cloud Director update addresses remote code execution vulnerability (CVE-2022-22966)↗2022-04-14

▶