PT-2022-2184 · Vmware · Vmware Vcenter Server+1

Ul7Ravi0L3T

Published

2022-01-10

Updated

2025-07-29

CVE-2022-22948

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions VMware vCenter Server (affected versions not specified)

Description The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. The vulnerability is related to insufficient access control to the file /etc/vmware-vpx/vcdb.properties, which contains credentials in plain text.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Incorrect Default Permissions

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-276CWE-319CWE-275CWE-264

Related Identifiers

BDU:2022-02210

CVE-2022-22948

Affected Products

Vmware Vcenter

Vmware Vcenter Server

PT-2022-2184 · Vmware · Vmware Vcenter Server+1

CVE-2022-22948

Weakness Enumeration

Related Identifiers

Affected Products

References · 28