Vulnerabilities > CVE-2022-31678 - XXE vulnerability in VMWare Cloud Foundation and NSX Data Center

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

vmware

CWE-611

critical

NVD

Published: 2022-10-28

Updated: 2022-10-31

Summary

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Cloud Foundation - Vmware Cloud Foundation 2.1.3 Vmware Cloud Foundation 2.1.3A Vmware Cloud Foundation 2.1.3B Vmware Cloud Foundation 2.1.3C Vmware Cloud Foundation 2.2 Vmware Cloud Foundation 2.2.0.1 Vmware Cloud Foundation 2.2.0.2 Vmware Cloud Foundation 2.2.1 Vmware Cloud Foundation 2.2.1.1 Vmware Cloud Foundation 2.3.0 Vmware Cloud Foundation 2.3.1 Vmware Cloud Foundation 2.3.2 Vmware Cloud Foundation 2.3.2.1 Vmware Cloud Foundation 2.3.2.2 Vmware Cloud Foundation 2.3.2.3 Vmware Cloud Foundation 2.3.2.4 Vmware Cloud Foundation 2.3.2.5 Vmware Cloud Foundation 2.3.2.6 Vmware Cloud Foundation 2.3.2.7 Vmware Cloud Foundation 3.0 Vmware Cloud Foundation 3.0.1 Vmware Cloud Foundation 3.0.1.1 Vmware Cloud Foundation 3.5 Vmware Cloud Foundation 3.5.1 Vmware Cloud Foundation 3.7 Vmware Cloud Foundation 3.7.1 Vmware Cloud Foundation 3.7.2 Vmware Cloud Foundation 3.8 Vmware Cloud Foundation 3.8.1 Vmware Cloud Foundation 3.9 Vmware Cloud Foundation 3.9.1 Vmware Cloud Foundation 3.10 Vmware Cloud Foundation 3.10.1 Vmware Cloud Foundation 3.10.1.1 Vmware Cloud Foundation 3.10.1.2 Vmware Cloud Foundation 3.10.2.1 Vmware Cloud Foundation 3.10.2.2 Vmware NSX Data Center 6.2.0 Vmware NSX Data Center 6.2.1 Vmware NSX Data Center 6.2.2 Vmware NSX Data Center 6.2.3 Vmware NSX Data Center 6.2.4 Vmware NSX Data Center 6.2.5 Vmware NSX Data Center 6.2.6 Vmware NSX Data Center 6.2.7 Vmware NSX Data Center 6.2.8 Vmware NSX Data Center 6.2.9 Vmware NSX Data Center 6.3.0 Vmware NSX Data Center 6.3.1 Vmware NSX Data Center 6.3.2 Vmware NSX Data Center 6.3.3 Vmware NSX Data Center 6.3.4 Vmware NSX Data Center 6.3.5 Vmware NSX Data Center 6.3.6 Vmware NSX Data Center 6.3.7 Vmware NSX Data Center 6.4.0 Vmware NSX Data Center 6.4.1 Vmware NSX Data Center 6.4.2 Vmware NSX Data Center 6.4.3 Vmware NSX Data Center 6.4.4 Vmware NSX Data Center 6.4.5 Vmware NSX Data Center 6.4.6 Vmware NSX Data Center 6.4.7 Vmware NSX Data Center 6.4.8 Vmware NSX Data Center 6.4.9 Vmware NSX Data Center 6.4.10 Vmware NSX Data Center 6.4.11 Vmware NSX Data Center 6.4.12 Vmware NSX Data Center 6.4.13	71

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.vmware.com/security/advisories/VMSA-2022-0027.html