CVE-2022-38650
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Existe una vulnerabilidad de deserialización insegura remota no autenticada en VMware Hyperic Server 5.8.6. La explotación de esta vulnerabilidad permite a una parte malintencionada ejecutar código arbitrario o malware dentro del servidor Hyperic y el sistema operativo host con los privilegios del proceso del servidor Hyperic. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-08-22 CVE Reserved
- 2022-11-12 CVE Published
- 2024-06-04 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cyber.gov.au/acsc/view-all-content/alerts/multiple-vulnerabilities-vmware-vrealize-hyperic-monitoring-and-performance-management-product | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Hyperic Server Search vendor "Vmware" for product "Hyperic Server" | 5.8.6 Search vendor "Vmware" for product "Hyperic Server" and version "5.8.6" | - |
Affected
| ||||||