VMware Patches Sensitive Information Disclosure...

VMware Patches Sensitive Information Disclosure Vulnerability in vCenter Server (CVE-2022-22948)

On March 29, VMware patched a moderate severity flaw in VMware vCenter Server, its centralized management software for VMware vSphere cloud computing virtualization systems

The flaw, identified as CVE-2022-22948, is an information disclosure vulnerability. An authenticated, local attacker with low-privileged user access could exploit the flaw to obtain sensitive information from the vCenter Server. While not considered severe on its own, when included as part of an attack chain with other VMware vCenter exploits, it could result in a full server takeover.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

VMware Patches Sensitive Information Disclosure...

Recent Discussions

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Americas

Europe

Asia / Australia