CVE-2022-22939: Log File Information Exposure in VMware Cloud Foundation

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.5% (top 34.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 4; Latest update Feb 11

Description

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (2 packages)

NVD: vmware/cloud_foundation 3.0 - 3.10.2.2 +1
CVEListV5: vmware/vmware_cloud_foundation, VMware Cloud Foundation 4.x (before 4.3.1.1) and 3.x

🔴 Vulnerability Details (2)

GHSA (2022-02-11)
GHSA-95v7-jv4x-23ww: VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the
CVEList (2022-02-04)
CVE-2022-22939: VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the

📋 Vendor Advisories (1)

VMware (2022-01-31)
VMware Cloud Foundation contains an information disclosure vulnerability due to the logging of plaintext credentials within some log files.