This article encloses two announced security vulnerabilities with vCenter server.

VMSA-2022-0018 – VMware vCenter Server updates address a server-side

request forgery vulnerability (CVE-2022-22982)

Please see the advisory and the required security patches here:

https://www.vmware.com/security/advisories/VMSA-2022-0018.html

Impacted Products:

VMware vCenter Server (vCenter Server)

VMware Cloud Foundation (Cloud Foundation)

VMSA-2021-0025.2 – VMware vCenter Server updates address a privilege

escalation vulnerability (CVE-2021-22048)

Please see the updated advisory here:

https://www.vmware.com/security/advisories/VMSA-2021-0025.html

Changelog:

2022-07-12 VMSA-2021-0025.2

Added fixed version of vCenter Server 7.0 in the Response Matrix.