CVE-2022-22948

critical-risk

Published 2022-03-29

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Do I need to act?

!

26.0% chance of exploitation in next 30 days

EPSS score — higher than 74% of all CVEs

!

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Cloud Foundation

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Vcenter Server

Affected Vendors

Vmware

References (3)

Patch https://www.vmware.com/security/advisories/VMSA-2022-0009.html

Patch https://www.vmware.com/security/advisories/VMSA-2022-0009.html

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-...

73

/ 100

critical-risk

Severity 24/34 · High

Exploitability 22/34 · High

Exposure 27/34 · High