CVE-2022-22948
published 2022-03-29CVE-2022-22948: The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2024-08-07
Exploited in the wild
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 3.0 < 3.11 | 3.11 |
| vmware | cloud_foundation | >= 4.0 < 4.4.1 | 4.4.1 |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vulncheck6.5MEDIUM
cisa6.5MEDIUM