CVE-2022-22948

Warning

EPSS 26.42%
Published 29.03.2022 18:15:08
Last modified 10.02.2025 19:01:58
Source security@vmware.com
Teams watchlist Login
Open Login

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Affected products Warnungen 1 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Cloud Foundation Version >= 3.0 < 3.11

VMware ≫ Cloud Foundation Version >= 4.0 < 4.4.1

VMware ≫ Vcenter Server Version6.5 Update-

VMware ≫ Vcenter Server Version6.5 Updatea

VMware ≫ Vcenter Server Version6.5 Updateb

VMware ≫ Vcenter Server Version6.5 Updatec

VMware ≫ Vcenter Server Version6.5 Updated

VMware ≫ Vcenter Server Version6.5 Updatee

VMware ≫ Vcenter Server Version6.5 Updatef

VMware ≫ Vcenter Server Version6.5 Updateupdate1

VMware ≫ Vcenter Server Version6.5 Updateupdate1b

VMware ≫ Vcenter Server Version6.5 Updateupdate1c

VMware ≫ Vcenter Server Version6.5 Updateupdate1d

VMware ≫ Vcenter Server Version6.5 Updateupdate1e

VMware ≫ Vcenter Server Version6.5 Updateupdate1g

VMware ≫ Vcenter Server Version6.5 Updateupdate2

VMware ≫ Vcenter Server Version6.5 Updateupdate2b

VMware ≫ Vcenter Server Version6.5 Updateupdate2c

VMware ≫ Vcenter Server Version6.5 Updateupdate2d

VMware ≫ Vcenter Server Version6.5 Updateupdate2g

VMware ≫ Vcenter Server Version6.5 Updateupdate3

VMware ≫ Vcenter Server Version6.5 Updateupdate3d

VMware ≫ Vcenter Server Version6.5 Updateupdate3f

VMware ≫ Vcenter Server Version6.5 Updateupdate3k

VMware ≫ Vcenter Server Version6.5 Updateupdate3n

VMware ≫ Vcenter Server Version6.5 Updateupdate3p

VMware ≫ Vcenter Server Version6.5 Updateupdate3q

VMware ≫ Vcenter Server Version6.7 Update-

VMware ≫ Vcenter Server Version6.7 Updatea

VMware ≫ Vcenter Server Version6.7 Updateb

VMware ≫ Vcenter Server Version6.7 Updated

VMware ≫ Vcenter Server Version6.7 Updateupdate1

VMware ≫ Vcenter Server Version6.7 Updateupdate1b

VMware ≫ Vcenter Server Version6.7 Updateupdate2

VMware ≫ Vcenter Server Version6.7 Updateupdate2a

VMware ≫ Vcenter Server Version6.7 Updateupdate2c

VMware ≫ Vcenter Server Version6.7 Updateupdate3

VMware ≫ Vcenter Server Version6.7 Updateupdate3a

VMware ≫ Vcenter Server Version6.7 Updateupdate3b

VMware ≫ Vcenter Server Version6.7 Updateupdate3f

VMware ≫ Vcenter Server Version6.7 Updateupdate3g

VMware ≫ Vcenter Server Version6.7 Updateupdate3j

VMware ≫ Vcenter Server Version6.7 Updateupdate3l

VMware ≫ Vcenter Server Version6.7 Updateupdate3m

VMware ≫ Vcenter Server Version6.7 Updateupdate3n

VMware ≫ Vcenter Server Version6.7 Updateupdate3o

VMware ≫ Vcenter Server Version7.0 Update-

VMware ≫ Vcenter Server Version7.0 Updatea

VMware ≫ Vcenter Server Version7.0 Updateb

VMware ≫ Vcenter Server Version7.0 Updatec

VMware ≫ Vcenter Server Version7.0 Updated

VMware ≫ Vcenter Server Version7.0 Updateupdate1

VMware ≫ Vcenter Server Version7.0 Updateupdate1a

VMware ≫ Vcenter Server Version7.0 Updateupdate1c

VMware ≫ Vcenter Server Version7.0 Updateupdate1d

VMware ≫ Vcenter Server Version7.0 Updateupdate2

VMware ≫ Vcenter Server Version7.0 Updateupdate2a

VMware ≫ Vcenter Server Version7.0 Updateupdate2b

VMware ≫ Vcenter Server Version7.0 Updateupdate2c

VMware ≫ Vcenter Server Version7.0 Updateupdate2d

VMware ≫ Vcenter Server Version7.0 Updateupdate3

VMware ≫ Vcenter Server Version7.0 Updateupdate3a

VMware ≫ Vcenter Server Version7.0 Updateupdate3c

17.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

VMware vCenter Server Incorrect Default File Permissions Vulnerability

Vulnerability

VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	26.42%	0.961

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://www.vmware.com/security/advisories/VMSA-2022-0009.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22948

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22948

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22948

EUVD