mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
224 lines
8.4 KiB
JSON
224 lines
8.4 KiB
JSON
{
|
|
"id": "CVE-2022-31680",
|
|
"sourceIdentifier": "security@vmware.com",
|
|
"published": "2022-10-07T21:15:11.247",
|
|
"lastModified": "2022-10-11T13:37:43.957",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El servidor vCenter contiene una vulnerabilidad de deserializaci\u00f3n no segura en el PSC (Platform services controller). Un actor malicioso con acceso de administrador en el servidor vCenter puede aprovechar este problema para ejecutar c\u00f3digo arbitrario en el sistema operativo subyacente que aloja el servidor vCenter"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.1,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 2.3,
|
|
"impactScore": 6.0
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-502"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "6.5",
|
|
"matchCriteriaId": "2F19BBA2-1468-4BE2-9B21-C43E9B2A458E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
|
|
"matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*",
|
|
"matchCriteriaId": "70A9244F-2C9C-4D7D-B384-08DDF95770DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CBEA4F8-CBA3-4C71-96B3-47489F0D299C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3t:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B40B0E23-410D-403D-811B-486EBF406E6D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3u:*:*:*:*:*:*",
|
|
"matchCriteriaId": "254F40B1-43B8-4222-A177-8906BF38D59C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587",
|
|
"source": "security@vmware.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html",
|
|
"source": "security@vmware.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |