CVE-2022-31680

CRITICAL

VMware vCenter Server < 6.5 - Insecure Deserialization

Title source: rule

Description

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform Services Controller). A malicious actor with admin access on vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

Scores

CVSS v3 9.1
EPSS 0.0495
EPSS Percentile 89.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (28)

vmware/vcenter_server < 6.5
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
vmware/vcenter_server
... and 13 more

Timeline

Published Oct 07, 2022
Tracked Since Feb 18, 2026