Severity
Medium
Analysis Summary
CVE-2022-22948
VMware vCenter Server and Cloud Foundation could allow a local authenticated attacker to obtain sensitive information, caused by improper permissions of files. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-22948
Affected Vendors
VMware
Affected Products
- VMware vCenter Server 6.5
- VMware vCenter Server 6.7
- VMware Cloud Foundation 3.0
- VMware Cloud Foundation 4.0
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.