CVE-2022-22982

Name of the Vulnerable Software and Affected Versions VMware vCenter Server (affected versions not specified) VMware Cloud Foundation (affected versions not specified)

Description The issue is related to insufficient validation of incoming requests, allowing a remote attacker to perform a server-side request forgery (SSRF) attack by sending specially crafted requests to port 443. This could enable the attacker to access a URL request outside of vCenter Server or access an internal service.

Recommendations For VMware vCenter Server, restrict access to port 443 until a patch is available. For VMware Cloud Foundation, consider disabling access to internal services until the issue is resolved. As a temporary workaround, consider limiting network access to the vCenter Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.