CISA Known Exploited Vulnerability (KEV)
VMware vCenter Server Incorrect Default File Permissions Vulnerability
July 17, 2024
August 7, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Weakness Enumeration
| CWE-ID | CWE Name |
|---|---|
|
CWE-276 |
Incorrect Default Permissions |