VMSA-2024-0007

VMware Security Advisory

Moderate

Advisory ID: VMSA-2024-0007
CVSSv3 Range: 4.3
Issue Date: 2024-03-07
Updated On: 2024-03-07 (Initial Advisory)
CVE(s): CVE-2024-22256
Synopsis: VMware Cloud Director updates address a partial information disclosure vulnerability (CVE-2024-22256).

1. Impacted Products

VMware Cloud Director

2. Introduction

A partial information disclosure vulnerability in VMware Cloud Director was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. Partial Information Disclosure Vulnerability (CVE-2024-22256)

Description

VMware Cloud Director contains a partial information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors

A malicious actor can potentially gather information about organization names based on the behavior of the instance.

Resolution

To remediate CVE-2024-22256, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Konrad Gawda of Orange Polska for reporting this vulnerability to us.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Cloud Director | 10.5.1.1 | Any | CVE-2024-22256 | N/A | N/A | Unaffected | N/A | N/A |
| VMware Cloud Director | 10.5.x | Any | CVE-2024-22256 | 4.3 | Moderate | 10.5.1.1 | N/A | N/A |
| VMware Cloud Director | 10.4.x | Any | CVE-2024-22256 | 4.3 | Moderate | 10.5.1.1 | N/A | N/A |

4. References

VMware Cloud Director
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/info/slug/datacenter_cloud_infrastructure/vmware_cloud_director/10_5
https://docs.vmware.com/en/VMware-Cloud-Director/10.5.1.1/rn/vmware-cloud-director-10511-release-notes/index.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22256
FIRST CVSSv3 Calculator: CVE-2024-22256: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5. Change Log

2024-03-07 VMSA-2024-0007 Initial security advisory.

6. Contact

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog https://blogs.vmware.com/security
Twitter https://twitter.com/VMwareSRC
Copyright 2024 Broadcom. All rights reserved.
