CVE-2022-22948 : The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious act

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Published 2022-03-29 18:15:08

Updated 2022-04-08 12:58:24

Source VMware

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2022-22948

Probability of exploitation activity in the next 30 days: 1.42%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-22948

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-22948

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-22948

https://www.vmware.com/security/advisories/VMSA-2022-0009.html

VMSA-2022-0009
Patch;Vendor Advisory

Products affected by CVE-2022-22948

Vmware » Vcenter Server » Version: 6.5 Update E
cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update C
cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update F
cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update B
cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update A
cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update D
cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update D
cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update A
cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update B
cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7
cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5
cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0
cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update A
cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update B
cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update C
cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update D
cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update1
cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update1b
cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update1c
cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update1d
cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update1e
cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update1g
cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update2
cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update2b
cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update2c
cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update2d
cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update2g
cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update3
cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update3d
cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update3f
cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update3k
cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update3n
cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update1
cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update1b
cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update2
cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update2a
cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update2c
cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3
cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3a
cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3b
cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3f
cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3g
cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3j
cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3l
cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3m
cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update1
cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update1a
cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update1c
cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update1d
cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2
cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2a
cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update3p
cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3n
cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2b
cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.5 Update Update3q
cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 6.7 Update Update3o
cpe:2.3:a:vmware:vcenter_server:6.7:update3o:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2c
cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update2d
cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3
cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3a
cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*
Matching versions
Vmware » Vcenter Server » Version: 7.0 Update Update3c
cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*
Matching versions
Vmware » Cloud Foundation
Versions from including (>=) 3.0 and before (<) 3.11
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
Matching versions
Vmware » Cloud Foundation » Version: 3.11
cpe:2.3:a:vmware:cloud_foundation:3.11:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-22948

Exploit prediction scoring system (EPSS) score for CVE-2022-22948

CVSS scores for CVE-2022-22948

CWE ids for CVE-2022-22948

References for CVE-2022-22948

Products affected by CVE-2022-22948