CVE-2024-22256

VMware Cloud Director contains a partial information disclosure vulnerability.A malicious actor can potentially gather information about organization names based on the behavior of the instance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vmwareCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
vmwarecloud_director
10.4.0 ≤
𝑥
< 10.5.1.1
𝑥
= Vulnerable software versions
References
https://www.vmware.com/security/advisories/VMSA-2024-0007.html
https://www.vmware.com/security/advisories/VMSA-2024-0007.html