CVE-2022-22948

Summary

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vCenter Server and VMware Cloud FoundationVMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11)affected

Weaknesses

  • Information disclosure vulnerability

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References