What is CVE-2022-31678?

CVE-2022-31678 is a vulnerability in Vmware Cloud Foundation (Nsx-v). Published 2022-10-28.

Is CVE-2022-31678 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vmware Cloud Foundation (Nsx-v)

CVE-2022-31678

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information d…

EPSS: 0.839 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a Vmware Cloud Foundation (Nsx-v) — versions 3.11

Public proof-of-concept exploits

20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection

References

www.vmware.com/security/advisories/VMSA-2022-0027.html

Frequently asked questions

What is CVE-2022-31678?: CVE-2022-31678 is a vulnerability in Vmware Cloud Foundation (Nsx-v). Published 2022-10-28.
Is CVE-2022-31678 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.