{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31680", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "dateUpdated": "2024-08-03T07:26:01.110Z", "dateReserved": "2022-05-25T00:00:00", "datePublished": "2022-10-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2022-10-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server."}], "affected": [{"vendor": "n/a", "product": "VMware vCenter Server", "versions": [{"version": "VMware vCenter Server 6.5 prior to U3u", "status": "affected"}]}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Unsafe deserialization vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.110Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F19BBA2-1468-4BE2-9B21-C43E9B2A458E", "versionEndExcluding": "6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*", "matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*", "matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*", "matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*", "matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*", "matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*", "matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*", "matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*", "matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*", "matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*", "matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*", "matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*", "matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*", "matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*", "matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*", "matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*", "matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*", "matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*", "matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*", "matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*", "matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*", "matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*", "matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*", "matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*", "matchCriteriaId": "70A9244F-2C9C-4D7D-B384-08DDF95770DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*", "matchCriteriaId": "2CBEA4F8-CBA3-4C71-96B3-47489F0D299C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3t:*:*:*:*:*:*", "matchCriteriaId": "B40B0E23-410D-403D-811B-486EBF406E6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3u:*:*:*:*:*:*", "matchCriteriaId": "254F40B1-43B8-4222-A177-8906BF38D59C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server."}, {"lang": "es", "value": "El servidor vCenter contiene una vulnerabilidad de deserializaci\u00f3n no segura en el PSC (Platform services controller). Un actor malicioso con acceso de administrador en el servidor vCenter puede aprovechar este problema para ejecutar c\u00f3digo arbitrario en el sistema operativo subyacente que aloja el servidor vCenter"}], "id": "CVE-2022-31680", "lastModified": "2022-10-11T13:37:43.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-07T21:15:11.247", "references": [{"source": "security@vmware.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587"}, {"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}