PULSE
LIVE22signals / 24h
FEED
ransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Services
← All CVEs
CVE Watch

CVE-2022-22948

VMware vCenter Server Incorrect Default File Permissions Vulnerability

CVSS

No CVSS

EPSS

13.9%

p96

KEV

YES

Jul 17, 2024

Exploit Today

79

0-100

Published: · Last modified:

EPSS · 30d
13.9%EPSS · 30 days13.9%
2026-06-302026-07-16
KEV catalog record

Product

VMware / vCenter Server

Vulnerability

VMware vCenter Server Incorrect Default File Permissions Vulnerability

Added to KEV

Jul 17, 2024

Remediate by

Aug 7, 2024

Known ransomware use

No

Summary description

VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes

https://www.vmware.com/security/advisories/VMSA-2022-0009.html; https://nvd.nist.gov/vuln/detail/CVE-2022-22948

Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-21985
100.0%
KEV80VMware vCenter Server Improper Input Validation Vulnerability
CVE-2021-22005
100.0%
KEV80VMware vCenter Server File Upload Vulnerability
CVE-2023-34048
99.9%
KEV80VMware vCenter Server Out-of-Bounds Write Vulnerability
CVE-2021-21972
99.9%
KEV80VMware vCenter Server Remote Code Execution Vulnerability
CVE-2020-3952
99.8%
KEV80VMware vCenter Server Information Disclosure Vulnerability
CVE-2024-38812
98.9%
KEV80VMware vCenter Server Heap-Based Buffer Overflow Vulnerability