Multiple vulnerabilities in VMware Cloud Foundation (vIDM)
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2022-22954 CVE-2022-22957 CVE-2022-22958 CVE-2022-22959 CVE-2022-22960 CVE-2022-22961 |
| CWE-ID | CWE-94 CWE-502 CWE-352 CWE-276 CWE-200 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #2 is available. Vulnerability #5 is being exploited in the wild. |
| Vulnerable software |
Cloud Foundation Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Code Injection
EUVDB-ID: #VU61929
Risk: Critical
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2022-22954
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted HTTP request and perform server-side template injection.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCloud Foundation: 4.0 - 4.3.1.1
CPE2.3- cpe:2.3:a:vmware:vmware_cloud_foundation:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:4.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
https://kb.vmware.com/s/article/88099
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23639
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Deserialization of Untrusted Data
EUVDB-ID: #VU61932
Risk: Low
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-22957
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data passed via the JDBC URI. A remote administrator can pass specially crafted data via the JDBC URI and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCloud Foundation: 3.0 - 4.3.1.1
CPE2.3- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
https://kb.vmware.com/s/article/88099
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23639
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
3) Deserialization of Untrusted Data
EUVDB-ID: #VU61933
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-22958
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data passed via the JDBC URI. A remote administrator can pass specially crafted data via the JDBC URI and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCloud Foundation: 3.0 - 4.3.1.1
CPE2.3- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
https://kb.vmware.com/s/article/88099
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23639
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site request forgery
EUVDB-ID: #VU61934
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-22959
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website and unintentionally validate a malicious JDBC URI.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCloud Foundation: 3.0 - 4.3.1.1
CPE2.3- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
https://kb.vmware.com/s/article/88099
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23639
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Incorrect default permissions
EUVDB-ID: #VU61935
Risk: Low
CVSSv4.0: 9.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/U:Clear]
CVE-ID: CVE-2022-22960
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for support scripts. A local user with access to the system can overwrite files and execute arbitrary code with root privileges.
Install updates from vendor's website.
Vulnerable software versionsCloud Foundation: 3.0 - 4.3.1.1
CPE2.3- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
https://kb.vmware.com/s/article/88099
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23639
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
6) Information disclosure
EUVDB-ID: #VU61936
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-22961
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can obtain hostname of the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCloud Foundation: 4.0 - 4.3.1.1
CPE2.3- cpe:2.3:a:vmware:vmware_cloud_foundation:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:4.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
https://kb.vmware.com/s/article/88099
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23639
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
