CVE-2022-22983: 
VMware Workstation Player vulnerability analysis and mitigation

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability identified as CVE-2022-22983. The vulnerability was privately reported to VMware and disclosed on August 9, 2022. VMware has evaluated this issue to be in the Moderate severity range with a CVSS v3.1 base score of 5.9 (NVD CVSS, VMware Advisory).

The vulnerability is classified as an insufficiently protected credentials issue (CWE-522). It received a CVSS v3.1 base score of 5.9 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and user interaction, while potentially resulting in high confidentiality impact (NVD CVSS).

The vulnerability could lead to the disclosure of user passwords of the remote server connected through VMware Workstation. The impact is primarily focused on confidentiality, with no direct impact on integrity or availability of the system (VMware Advisory).

VMware has released version 16.2.4 to address this vulnerability. No workarounds are available, and users are advised to apply the security patch as soon as possible. The fix is available for VMware Workstation 16.x running on Windows systems (VMware Advisory).