First published: Tue Mar 29 2022
vCenter Server contains an information disclosure vulnerability caused by improper file permissions. A malicious actor with non-administrative access to vCenter Server may exploit this issue to gain access to sensitive information.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware vCenter | ||
VMware vCenter Server and Cloud Foundation | >=3.0<3.11 | |
VMware vCenter Server and Cloud Foundation | =3.11 | |
VMware vCenter | =6.5 | |
VMware vCenter | =6.5-a | |
VMware vCenter | =6.5-b | |
VMware vCenter | =6.5-c | |
VMware vCenter | =6.5-d | |
VMware vCenter | =6.5-e | |
VMware vCenter | =6.5-f | |
VMware vCenter | =6.5-update1 | |
VMware vCenter | =6.5-update1b | |
VMware vCenter | =6.5-update1c | |
VMware vCenter | =6.5-update1d | |
VMware vCenter | =6.5-update1e | |
VMware vCenter | =6.5-update1g | |
VMware vCenter | =6.5-update2 | |
VMware vCenter | =6.5-update2b | |
VMware vCenter | =6.5-update2c | |
VMware vCenter | =6.5-update2d | |
VMware vCenter | =6.5-update2g | |
VMware vCenter | =6.5-update3 | |
VMware vCenter | =6.5-update3d | |
VMware vCenter | =6.5-update3f | |
VMware vCenter | =6.5-update3k | |
VMware vCenter | =6.5-update3n | |
VMware vCenter | =6.5-update3p | |
VMware vCenter | =6.5-update3q | |
VMware vCenter | =6.7 | |
VMware vCenter | =6.7-a | |
VMware vCenter | =6.7-b | |
VMware vCenter | =6.7-d | |
VMware vCenter | =6.7-update1 | |
VMware vCenter | =6.7-update1b | |
VMware vCenter | =6.7-update2 | |
VMware vCenter | =6.7-update2a | |
VMware vCenter | =6.7-update2c | |
VMware vCenter | =6.7-update3 | |
VMware vCenter | =6.7-update3a | |
VMware vCenter | =6.7-update3b | |
VMware vCenter | =6.7-update3f | |
VMware vCenter | =6.7-update3g | |
VMware vCenter | =6.7-update3j | |
VMware vCenter | =6.7-update3l | |
VMware vCenter | =6.7-update3m | |
VMware vCenter | =6.7-update3n | |
VMware vCenter | =6.7-update3o | |
VMware vCenter | =7.0 | |
VMware vCenter | =7.0-a | |
VMware vCenter | =7.0-b | |
VMware vCenter | =7.0-c | |
VMware vCenter | =7.0-d | |
VMware vCenter | =7.0-update1 | |
VMware vCenter | =7.0-update1a | |
VMware vCenter | =7.0-update1c | |
VMware vCenter | =7.0-update1d | |
VMware vCenter | =7.0-update2 | |
VMware vCenter | =7.0-update2a | |
VMware vCenter | =7.0-update2b | |
VMware vCenter | =7.0-update2c | |
VMware vCenter | =7.0-update2d | |
VMware vCenter | =7.0-update3 | |
VMware vCenter | =7.0-update3a | |
VMware vCenter | =7.0-update3c | |
VMware vCenter Server and Cloud Foundation | >=4.0<4.4.1 |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2022-22948 has a high severity rating due to its potential for information disclosure by malicious actors.
To fix CVE-2022-22948, it is recommended to update the VMware vCenter Server to the latest version provided by VMware.
CVE-2022-22948 is classified as an information disclosure vulnerability due to improper permissions on files.
CVE-2022-22948 affects users of VMware vCenter Server and Cloud Foundation who have non-administrative access.
Exploiting CVE-2022-22948 could allow attackers to gain unauthorized access to sensitive information within the vCenter Server.