CVE-2022-31678 - VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x inst

CVE-2022-31678

Summary

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

References

https://www.vmware.com/security/advisories/VMSA-2022-0027.html

Vulnerable Configurations

cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.1.3a:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.1.3a:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.1.3b:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.1.3b:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.1.3c:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.1.3c:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:2.3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:3.10.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.0:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.0:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.1:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.1:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.2:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.2:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.3:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.3:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.4:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.4:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.5:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.5:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.6:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.6:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.7:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.7:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.8:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.8:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.9:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.2.9:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.0:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.0:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.1:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.1:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.2:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.2:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.3:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.3:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.4:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.4:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.5:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.5:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.6:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.6:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.7:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.3.7:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.0:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.0:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.1:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.1:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.2:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.2:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.3:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.3:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.4:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.4:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.5:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.5:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.6:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.6:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.7:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.7:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.8:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.8:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.9:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.9:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.10:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.10:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.11:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.11:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.12:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.12:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.13:*:*:*:*:vsphere:*:*
cpe:2.3:a:vmware:nsx_data_center:6.4.13:*:*:*:*:vsphere:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

31-10-2022 - 17:02

Published

28-10-2022 - 02:15

Last modified

31-10-2022 - 17:02