CVE-2022-31673

CWE-668 — Exposure to Wrong Sphere4 documents4 sources

Severity

8.8HIGH

EPSS

3.8%

top 11.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vrealize Operations

Timeline

PublishedAug 10

Latest updateAug 11

Description

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDvmware/vrealize_operations8.0.0 — 8.6.4

▶CVEListV5vmware_vrealize_operationsVMware vRealize Operations (8.x prior to 8.6.4)

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-vw2x-rp6v-f32f: VMware vRealize Operations contains an information disclosure vulnerability↗2022-08-11

▶

CVEList

CVE-2022-31673: VMware vRealize Operations contains an information disclosure vulnerability↗2022-08-09

▶

📋Vendor Advisories

VMware

VMware vRealize Operations contains multiple vulnerabilities↗2022-08-09

▶