VMware issued patches to address a code execution vulnerability in vCenter Server, tracked as CVE-2022-31680 with a CVSS score of 7.2.
The security issue is an unsafe deserialization vulnerability that resides in the Platform Services Controller (PSC) and impacts only vCenter Server 6.5 with an external PSC. It was addressed with the release of VMware vCenter Server 6.5 U3u.
VMware also addressed a null-pointer dereference vulnerability in the VMware ESXi bare metal hypervisor, tracked as CVE-2022-31681 with a CVSS score of 3.8.
A hacker with privileges within the VMX process only may create a denial-of-service condition on the host.
The vulnerability has been addressed with the release of the ESXi70U3sf-20036586, ESXi670-202210101-SG, and ESXi650-202210101-SG versions.
VMware is not aware of attacks in the wild exploiting the above vulnerabilities.