Moderate
VMSA-2024-0007
4.3
2024-03-07
2024-03-07 (Initial Advisory)
CVE-2024-22256
VMware Cloud Director updates address a partial information disclosure vulnerability (CVE-2024-22256).
1. Impacted Products
VMware Cloud Director
2. Introduction
A partial information disclosure vulnerability in VMware Cloud Director was privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
3. Partial Information Disclosure Vulnerability (CVE-2024-22256)
Description
VMware Cloud Director contains a partial information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
Known Attack Vectors
A malicious actor can potentially gather information about organization names based on the behavior of the instance.
Resolution
To remediate CVE-2024-22256 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Konrad Gawda of Orange Polska for reporting this vulnerability to us.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Cloud Director | 10.5.1.1 | Any | CVE-2024-22256 | N/A | N/A | Unaffected | N/A | N/A |
VMware Cloud Director | 10.5.x | Any | CVE-2024-22256 | moderate
| N/A | N/A | ||
VMware Cloud Director | 10.4.x | Any | CVE-2024-22256 | moderate
| N/A | N/A |
4. References
VMware Cloud Director
Downloads and Documentation:
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22256
FIRST CVSSv3 Calculator:
CVE-2024-22256: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5. Change Log
2024-03-07 VMSA-2024-0007
Initial security advisory.
6. Contact
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2024 Broadcom. All rights reserved.
Read full article (vmware.com)
All content and images belong to their respected owners, this article is curated for informational purposes only.