VMware Cloud Foundation SDDC Manager Information Disclosure (VMSA-2022-0003)

medium Nessus Plugin ID 302872

Synopsis

A hybrid cloud platform on the remote host is affected by an information disclosure vulnerability.

Description

The remote host is running a version of VMware Cloud Foundation prior to 3.11 or prior to 4.3.1.1.
It is, therefore, affected by an information disclosure vulnerability:

- VMware Cloud Foundation contains an information disclosure vulnerability due to the logging of credentials in plaintext within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade VMware Cloud Foundation to version 3.11 or 4.3.1.1 with Hotpatch KB87050 or later.

See Also

https://www.vmware.com/security/advisories/VMSA-2022-0003.html

Plugin Details

Severity: Medium

ID: 302872

File Name: vmware_cloud_foundation_vmsa-2022-0003.nasl

Version: 1.2

Type: combined

Family: Misc.

Published: 3/18/2026

Updated: 3/19/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2022-22939

CVSS v3

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:cloud_foundation

Required KB Items: installed_sw/VMware Cloud Foundation

Exploit Ease: No known exploits are available

Patch Publication Date: 1/29/2022

Vulnerability Publication Date: 1/29/2022

Reference Information

CVE: CVE-2022-22939

IAVA: 2022-A-0057