3. vCenter Server information disclosure vulnerability (CVE-2022-22948)
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.5.
customerconnect.vmware.com/downloads/details?downloadGroup=VC65U3R&productId=614&rPId=74057
customerconnect.vmware.com/downloads/details?downloadGroup=VC70U3D&productId=974&rPId=74352
customerconnect.vmware.com/en/downloads/details?downloadGroup=VC67U3P&productId=742&rPId=78421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22948
docs.vmware.com/en/VMware-Cloud-Foundation/3.11/rn/VMware-Cloud-Foundation-311-Release-Notes.html
docs.vmware.com/en/VMware-Cloud-Foundation/4.4.1/rn/vmware-cloud-foundation-441-release-notes/index.html
docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3r-release-notes.html
docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3p-release-notes.html
docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3d-release-notes.html
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N