CVE-2022-22948 — VMware vCenter Server Incorrect Default File Permissions Vulnerability

2024-07-17 • CISA Known Exploited Vulnerability

[event] VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

> AFFECTED SOFTWARE

Field	Value
Vendor	VMware
Product	vCenter Server
CWE	CWE-276
CVE ID	CVE-2022-22948
Date Added	2024-07-17
Due Date	2024-08-07
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-08-07

> REFERENCES

[1] https://www.vmware.com/security/advisories/VMSA-2022-0009.html
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-22948