OpenCVE

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Workstation

Configuration 1 [-]

cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2022-0023.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-08-09T20:19:57

Updated: 2024-08-03T03:28:42.870Z

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-22983

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-10T20:15:30.457

Modified: 2024-11-21T06:47:44.300

Link: CVE-2022-22983

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "VMware Workstation", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware Workstation (16.x prior to 16.2.4)"}]}], "descriptions": [{"lang": "en", "value": "VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation."}], "problemTypes": [{"descriptions": [{"description": "Unprotected storage of credentials vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-09T20:19:57", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0023.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2022-22983", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware Workstation", "version": {"version_data": [{"version_value": "VMware Workstation (16.x prior to 16.2.4)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unprotected storage of credentials vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2022-0023.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2022-0023.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:42.870Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0023.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2022-22983", "datePublished": "2022-08-09T20:19:57", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2024-08-03T03:28:42.870Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}