CVE-2022-22948: VMSA-2022-0009

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Advisory ID: VMSA-2022-0009

CVSSv3 Range: 5.5

Issue Date: 2022-03-29

Updated On: 2022-03-29 (Initial Advisory)

CVE(s): CVE-2022-22948

Synopsis: VMware vCenter Server updates address an information disclosure vulnerability (CVE-2022-22948)

**1. Impacted Products**

  • VMware vCenter Server (vCenter Server)

  • VMware Cloud Foundation (Cloud Foundation)

**2. Introduction**

An information disclosure vulnerability in VMware vCenter Server was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

**3. vCenter Server information disclosure vulnerability (CVE-2022-22948)**

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.5.

A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

To remediate CVE-2022-22948, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

VMware would like to thank Yuval Lazar (@Ul7raVi0l3t) of Pentera for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 7.0 | Any | CVE-2022-22948 | 5.5 | moderate | 7.0 U3d | None | None |
| vCenter Server | 6.7 | Virtual Appliance | CVE-2022-22948 | 5.5 | moderate | 6.7 U3p | None | None |
| vCenter Server | 6.7 | Windows | CVE-2022-22948 | N/A | N/A | Unaffected | N/A | N/A |
| vCenter Server | 6.5 | Virtual Appliance | CVE-2022-22948 | 5.5 | moderate | 6.5 U3r | None | None |
| vCenter Server | 6.5 | Windows | CVE-2022-22948 | N/A | N/A | Unaffected | N/A | N/A |

Impacted Product Suites that Deploy Response Matrix Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2022-22948 | 5.5 | moderate | Patch pending | None | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2022-22948 | 5.5 | moderate | 3.11 | None | None |

**4. References**

**5. Change Log**

2022-03-29 VMSA-2022-0009
Initial security advisory.

**6. Contact**
