Input validation error in VMware Cloud Director - CVE-2022-22966

 

Input validation error in VMware Cloud Director - CVE-2022-22966

Published: April 15, 2022


Vulnerability identifier: #VU62349
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-22966
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Cloud Director

Detailed vulnerability description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated user with network access to the VMware Cloud Director tenant or provider can send specially crafted input to the application and and execute arbitrary code on the system.


How to mitigate CVE-2022-22966

Install updates from vendor's website.

Sources