Severity level: Moderate
VMware has announced a new vulnerasbility with VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability (CVE-2022-22977)
An XML External Entity (XXE) vulnerability in VMware Tools for Windows was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products. To remediate CVE-2022-22977 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below:
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| VMware Tools for Windows | 12.0.0, 11.x.y and 10.x.y | Windows | CVE-2022-22977 | 5.8 | Moderate | 12.0.5 | None | None |
For mor information please read the full advisory report: https://www.vmware.com/security/advisories/VMSA-2022-0015.html
Mo's Notes 