Lucene search

VMwareVMSA-2022-0009

HistoryMar 29, 2022 - 12:00 a.m.

VMware vCenter Server updates address an information disclosure vulnerability (CVE-2022-22948)

2022-03-2900:00:00

www.vmware.com

158

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

3. vCenter Server information disclosure vulnerability (CVE-2022-22948)

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.5.

CPENameOperatorVersion
vcenter serverlt7.0 U3d
vcenter serverlt6.7 U3p
vcenter serverlt6.5 U3r
cloud foundation (vcenter server)eq4.x
cloud foundation (vcenter server)lt3.11

Name	Operator	Version
vcenter server	lt	7.0 U3d
vcenter server	lt	6.7 U3p
vcenter server	lt	6.5 U3r
cloud foundation (vcenter server)	eq	4.x
cloud foundation (vcenter server)	lt	3.11

References

customerconnect.vmware.com/downloads/details?downloadGroup=VC65U3R&productId=614&rPId=74057

customerconnect.vmware.com/downloads/details?downloadGroup=VC70U3D&productId=974&rPId=74352

customerconnect.vmware.com/en/downloads/details?downloadGroup=VC67U3P&productId=742&rPId=78421

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22948

docs.vmware.com/en/VMware-Cloud-Foundation/3.11/rn/VMware-Cloud-Foundation-311-Release-Notes.html

docs.vmware.com/en/VMware-Cloud-Foundation/4.4.1/rn/vmware-cloud-foundation-441-release-notes/index.html

docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3r-release-notes.html

docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3p-release-notes.html

docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3d-release-notes.html

www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VMSA-2022-0009