If you use VMWare vCloudDirector administration tool for managing your virtualization datacenter, you should be aware of the following vulnerability and patch your systems.
“An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server,” VMware said in an advisory.
CVE-2022-22966 has a CVSS score of 9.1 out of 10.
Upgrading to version VMWARE Cloud Director version 10.1.4.1, 10.2.2.3 or 10.3.3 eliminates this vulnerability. The upgrade is hosted for download at kb.vmware.com.
If upgrading to a recommended version is not an option, you may apply this workaround for CVE-2022-22966 in 9.7, 10.0, 10.1, 10.2 and 10.3
See more details at: