Low
Share this page on social media
Sign up for Security Advisories
VMware HCX
An information disclosure vulnerability in VMware HCX was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
Description
VMware HCX contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base score of 2.7.
Known Attack Vectors
A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
Resolution
To remediate CVE-2022-22953 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Fernando Gallego of NCC Group for reporting this issue to us.
Response Matrix
Fixed Version(s) and Release Notes:
VMware HCX 4.3.3
Downloads and Documentation:
https://docs.vmware.com/en/VMware-HCX/4.3.3/rn/vmware-hcx-433-release-notes/index.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22953
FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2022-06-15 VMSA-2022-0017
Initial security advisory.
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
E-mail: security@vmware.com
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2022 VMware Inc. All rights reserved.