
VMware vCenter Server is advanced server management software that provides a centralized platform for controlling vSphere environments, with visibility across hybrid clouds. You can quickly deploy vCenter Server as a pre-packaged, optimized, and easy-to-maintain virtual appliance. This article discusses “CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability”.
Patch vCenter Server information disclosure vulnerability
The following disclosure vulnerability was reported to VMware by Yuval Lazar of Pentera. To remediate this vulnerability, apply the patch in the response matrix below as it applies to you.
The vCenter Server contains an information disclosure vulnerability due to improper permission of files.
VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.5.
Below are the affected products:
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
An information disclosure vulnerability in VMware vCenter Server was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
CVE-2022-22948 Known Attack Vectors
A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Patch vCenter Server information disclosure vulnerability Resolution
To remediate CVE-2022-22948, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
vCenter Server | 7.0 | Any | CVE-2022-22948 | 5.5 | Moderate | 7.0 U3d | None | None |
vCenter Server | 6.7 | Virtual Appliance | CVE-2022-22948 | 5.5 | Moderate | 6.7 U3p | None | None |
vCenter Server | 6.7 | Windows | CVE-2022-22948 | N/A | N/A | Unaffected | N/A | N/A |
vCenter Server | 6.5 | Virtual Appliance | CVE-2022-22948 | 5.5 | Moderate | 6.5 U3r | None | None |
vCenter Server | 6.5 | Windows | CVE-2022-22948 | N/A | N/A | Unaffected | N/A | N/A |
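To triage an inventory against the vCenter Server rows of the matrix above, the following is an added example (not VMware's or the article's code). It assumes your inventory records versions in the matrix's own notation, such as "7.0 U3d"; the host names and sample versions are constructed.

```python
import re

# vCenter Server rows from the response matrix above: (release, running on) ->
# fixed update level. None marks a row the matrix lists as unaffected.
MATRIX = {
    ("7.0", "any"): "U3d",
    ("6.7", "virtual appliance"): "U3p",
    ("6.7", "windows"): None,
    ("6.5", "virtual appliance"): "U3r",
    ("6.5", "windows"): None,
}
_VERSION = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.IGNORECASE)

def parse_version(text):
    """'6.7 U3p' -> ('6.7', (3, 'p')); a bare '7.0' has update level (0, '')."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    release, update, letter = m.groups()
    return release, (int(update or 0), (letter or "").lower())

def triage(version, platform):
    """Classify one server as unaffected, patched, vulnerable or not in matrix."""
    release, level = parse_version(version)
    key = (release, platform.strip().lower())
    if key not in MATRIX:
        key = (release, "any")  # the 7.0 row applies to any platform
    if key not in MATRIX:
        return "not in matrix"
    fixed = MATRIX[key]
    if fixed is None:
        return "unaffected"
    # Tuple comparison orders U2 < U3 < U3a < ... < U3d.
    return "patched" if level >= parse_version(f"{release} {fixed}")[1] else "vulnerable"

# Constructed inventory: host names and versions are made up for this example.
INVENTORY = [
    ("vc-prod-01", "7.0 U3c", "Virtual Appliance"),
    ("vc-prod-02", "7.0 U3d", "Virtual Appliance"),
    ("vc-legacy-01", "6.5 U3k", "Windows"),
    ("vc-dr-01", "6.5 U2", "Virtual Appliance"),
    ("vc-new-01", "8.0", "Virtual Appliance"),
]

def report(inventory=INVENTORY):
    return {host: triage(version, platform) for host, version, platform in inventory}

if __name__ == "__main__":
    print("\n".join(f"{host:14} {status}" for host, status in report().items()))
```

Releases that do not appear in the matrix are reported as "not in matrix" rather than assumed safe, so they can be checked against the vendor advisory separately.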
CVE-2022-22948: Impacted Product Suites that Deploy Response Matrix Components
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2022-22948 | 5.5 | Moderate | Patch pending | None | None |
Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2022-22948 | 5.5 | Moderate | 3.11 | None | None |
You may want to learn more about this disclosure. I hope you found this article on “CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability” useful.