# CVE-2022-22948

> The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

- **CVSS:** 6.5 (MEDIUM)
- **EPSS:** 26.0%
- **CISA KEV:** yes
- **CWE:** CWE-276

Canonical: https://intel.threadlinqs.com/cve/CVE-2022-22948
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp