CVE-2022-22948
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware vCenter Server and VMware Cloud Foundation | VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11) | affected |
Weaknesses
- Information disclosure vulnerability
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.