VMSA-2022-0017

VMware HCX

An information disclosure vulnerability in VMware HCX was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

VMware HCX contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base score of 2.7.

A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.

To remediate CVE-2022-22953 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

None.

None.

None.

VMware would like to thank Fernando Gallego of NCC Group for reporting this issue to us.

Fixed Version(s) and Release Notes:

VMware HCX 4.3.3

Downloads and Documentation:

https://docs.vmware.com/en/VMware-HCX/4.3.3/rn/vmware-hcx-433-release-notes/index.html

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22953

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

2022-06-15 VMSA-2022-0017
Initial security advisory.

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

This Security Advisory is posted to the following lists:  

security-announce@lists.vmware.com  

bugtraq@securityfocus.com  

fulldisclosure@seclists.org 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055 

VMware Security Advisories

https://www.vmware.com/security/advisories 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security 

Twitter

https://twitter.com/VMwareSRC

Copyright 2022 VMware Inc. All rights reserved.