Information security specialists report the detection of a severe vulnerability in VMware vCenter Server, the centralized management utility for VMware deployments. According to the report, successful exploitation of this flaw could result in a critical scenario for the affected systems.

Tracked as CVE-2022-22948, the vulnerability exists due to improper enforcement of default permissions for files in vCenter Server, which would allow local users with system access to view the contents of some files, potentially exposing sensitive information.

The vulnerability received a score of 3/10 according to the Common Vulnerability Scoring System (CVSS) and resides in all versions of VMware vCenter Server between v6.5 and v7.0 U31, mention computer security specialists.

At the moment no active exploitation attempts or the existence of a malware variant associated with the attack have been detected. In addition, the fact that local access to the affected system is required considerably reduces the risk of exploitation; still, VMware recommends users of affected deployments apply the available patches.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.