CVE-2022-23235

Name of the Vulnerable Software and Affected Versions Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1

Description The issue is related to the insufficient protection of service data in the AutoSupport mechanism, which could allow an attacker to discover sensitive information, including cluster, node, and Active IQ Unified Manager specific data, via AutoSupport telemetry data. This data is sent even when AutoSupport has been disabled. An attacker could exploit this to gain unauthorized access to protected information.

Recommendations For versions prior to 9.10P1, update to version 9.10P1 or later to resolve the issue. As a temporary workaround, consider disabling the AutoSupport feature until a patch is available. Restrict access to the AutoSupport telemetry data to minimize the risk of exploitation.