Vulnerabilities > CVE-2022-31678 - XXE vulnerability in VMWare Cloud Foundation and NSX Data Center

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
vmware
CWE-611
critical

Summary

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Vulnerable Configurations

Part Description Count
Application
Vmware
72