Unsafe Deserialization Vulnerability in vCenter Server's PSC Allows Arbitrary Code Execution

Unsafe Deserialization Vulnerability in vCenter Server's PSC Allows Arbitrary Code Execution

CVE-2022-31680 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

Learn more about our Cis Benchmark Audit For Server Software.