CVE-2024-22275

CWE-200 — Information Exposure3 documents3 sources

Severity

4.9MEDIUM

EPSS

11.7%

top 6.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Cloud Foundation Vmware Vcenter Server

Timeline

PublishedMay 21

Description

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5vmware_vcenter_server8.0 — 8.0 U2b+1

▶CVEListV5vmware_cloud_foundation_(vcenter_server)5.x — 5.1.1+1

▶NVDvmware/vcenter_server7.0, 8.0+1

▶NVDvmware/cloud_foundation4.0 — 5.1.1

🔴Vulnerability Details

CVEList

CVE-2024-22275: The vCenter Server contains a partial file read vulnerability↗2024-05-21

▶

GHSA

GHSA-8rjh-f75w-mvh9: The vCenter Server contains a partial file read vulnerability↗2024-05-21

▶