{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-22272","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2024-01-08T18:43:18.957Z","datePublished":"2024-06-27T20:22:17.660Z","dateUpdated":"2024-12-02T17:41:22.527Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VMware Cloud Director","vendor":"N/A","versions":[{"status":"affected","version":"VMware Cloud Director 10.5.x, VMware Cloud Director 10.4.x"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\nVMware Cloud Director contains an Improper Privilege Management vulnerability. \n\n\nAn authenticated tenant administrator for a\n given organization within VMware Cloud Director may be able to \naccidentally disable their organization leading to a Denial of Service \nfor active sessions within their own organization's scope.\n\n"}],"value":"VMware Cloud Director contains an Improper Privilege Management vulnerability. \n\n\nAn authenticated tenant administrator for a\n given organization within VMware Cloud Director may be able to \naccidentally disable their organization leading to a Denial of Service \nfor active sessions within their own organization's scope."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":4.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"Improper Privilege Management","lang":"en"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2024-06-27T20:22:17.660Z"},"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24371"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-862","lang":"en","description":"CWE-862 Missing Authorization"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-02T18:58:12.318931Z","id":"CVE-2024-22272","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-02T17:41:22.527Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:43:34.148Z"},"title":"CVE Program Container","references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24371","tags":["x_transferred"]}]}]}}