Headline
CVE-2022-22953: VMSA-2022-0017
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
Advisory ID: VMSA-2022-0017
CVSSv3 Range: 2.7
Issue Date: 2022-06-15
Updated On: 2022-06-15 (Initial Advisory)
CVE(s): CVE-2022-22953
Synopsis: VMware HCX update addresses an information disclosure vulnerability (CVE-2022-22953)
Share this page on social media
Sign up for Security Advisories
****1. Impacted Products****
****2. Introduction****
An information disclosure vulnerability in VMware HCX was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
****3. Advisory Details****
VMware HCX contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base score of 2.7.
A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
To remediate CVE-2022-22953 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
VMware would like to thank Fernando Gallego of NCC Group for reporting this issue to us.
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
VMware HCX
4.3.1 and 4.3.2
Any
CVE-2022-22953
2.7
low
4.3.3
None
None
****4. References****
****5. Change Log****
2022-06-15 VMSA-2022-0017
Initial security advisory.
****6. Contact****