VMware Releases Security Update for vCenter Server and Cloud Foundation

Security update addresses sensitive information disclosure in VMware vCenter

Threat ID:: CC-4067
Threat Severity:: Information only
Published:: 30 March 2022 1:01 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses sensitive information disclosure in VMware vCenter

Affected platforms

The following platforms are known to be affected:

Versions: 7.0 - running on any platform, 6.7 - running on virtual appliance, 6.5 - running on virtual appliance

VMware vCenter Server

Versions: 4.x, 3.x

VMware Cloud Foundation

Threat details

Introduction

VMware has released important security updates to address an information disclosure vulnerability due to improper permission of files in vCenter Server. An attacker with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information and take control of a system.

Remediation advice

Affected organisations are encouraged to review VMware Security Advisory VMSA-2022-0009 and apply any relevant updates.

Definitive source of threat updates

https://www.vmware.com/security/advisories/VMSA-2022-0009.html

CVE Vulnerabilities

Status Published

CVE-2022-22948

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Last edited: 30 March 2022 1:01 pm