CVE-2022-31680
Severity CVSS v4.0:
Pending analysis
Type:
CWE-502
Deserialization of Untrusted Dat
Publication date:
07/10/2022
Last modified:
11/10/2022
Description
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:* | 6.5 (excluding) | |
| cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page