CVE-2022-31681 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
vmware	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Vendor	Product	Version
vmware	cloud_foundation	4.2 ≤ 𝑥 < 4.3.1.1
vmware	cloud_foundation	4.4
vmware	cloud_foundation	4.4.1
vmware	cloud_foundation	4.4.1.1
vmware	esxi	𝑥 < 7.0
vmware	esxi	7.0
vmware	esxi	7.0:beta
vmware	esxi	7.0:update_1
vmware	esxi	7.0:update_1a
vmware	esxi	7.0:update_1b
vmware	esxi	7.0:update_1c
vmware	esxi	7.0:update_1d
vmware	esxi	7.0:update_1e
vmware	esxi	7.0:update_2
vmware	esxi	7.0:update_2a
vmware	esxi	7.0:update_2c
vmware	esxi	7.0:update_2d
vmware	esxi	7.0:update_2e
vmware	esxi	7.0:update_3c
vmware	esxi	7.0:update_3d
vmware	esxi	7.0:update_3e

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://www.vmware.com/security/advisories/VMSA-2022-0025.html

https://www.vmware.com/security/advisories/VMSA-2022-0025.html