CVE-2022-22977
published 2022-05-24CVE-2022-22977: VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | tools | 10.0.0 – 10.3.24 | — |
| vmware | tools | 11.0.0 – 11.3.5 | — |
| vmware | tools | >= 12.0.0 < 12.0.5 | 12.0.5 |