Severity level: Moderate

VMware has announced a new vulnerability: a VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability (CVE-2022-22977).

An XML External Entity (XXE) vulnerability in VMware Tools for Windows was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products. To remediate CVE-2022-22977 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below:

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Tools for Windows | 12.0.0, 11.x.y and 10.x.y | Windows | CVE-2022-22977 | 5.8 | Moderate | 12.0.5 | None | None |

For more information, please read the full advisory report: https://www.vmware.com/security/advisories/VMSA-2022-0015.html
