CVE-2022-22948

6.5

CVSS
Medium

PUBLISHED

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative...

Exploited in the wild Remote Low complexity No user interaction

Vendor: VMware
Product: VMware vCenter Server and VMware Cloud Foundation
Published: Mar 29, 2022
EPSS: —

Description

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

cisa nessus_scanner

CVSS scores

CVSS v3.1 6.5 Medium

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0 4.0

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2024-07-17 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

https://www.vmware.com/security/advisories/VMSA-2022-0009.html

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Jul 17, 2024

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/159306	Jun 02, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

PenteraIO/CVE-2022-22948

github · Created 2021-10-17 09:59:20 UTC · 12 stars

Scanner for CVE-2022-22948 an Information Disclosure in VMWare vCenter

Vulnerability detail