Main Vulnerability Database Vulnerabilities #VU62349

Input validation error in VMware Cloud Director - CVE-2022-22966

Published: April 15, 2022

Vulnerability identifier: #VU62349

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-22966

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
VMware Cloud Director

Software vendor:
VMware, Inc

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated user with network access to the VMware Cloud Director tenant or provider can send specially crafted input to the application and and execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

External links

https://www.vmware.com/security/advisories/VMSA-2022-0013.html

Input validation error in VMware Cloud Director - CVE-2022-22966

Description

Remediation

External links

Please verify you're human