CVE-2022-31678

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Published: Oct 28, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-31678
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
vmware / cloud_foundation	-	3.11
vmware / nsx_data_center	-	6.4.14

https://www.vmware.com/security/advisories/VMSA-2022-0027.html

Vulnerability Database

289,784

CVE-2022-31678