CVE-2022-22948
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
AnalysisAI
The vCenter Server contains an information disclosure vulnerability due to improper permission of files.
Technical ContextAI
Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Incorrect Default Permissions (CWE-276).
RemediationAI
A vendor patch is available — apply it immediately. Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).
Same weakness CWE-276 – Incorrect Default Permissions
View allShare
External POC / Exploit Code
Leaving vuln.today