CVE-2022-31675

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

7.5HIGH

EPSS

0.3%

top 47.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vrealize Operations

Timeline

PublishedAug 10

Latest updateAug 11

Description

VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDvmware/vrealize_operations8.0.0 — 8.6.4

▶CVEListV5vmware_vrealize_operationsVMware vRealize Operations (8.x prior to 8.6.4)

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-c3wc-hvmq-xmp6: VMware vRealize Operations contains an authentication bypass vulnerability↗2022-08-11

▶

CVEList

CVE-2022-31675: VMware vRealize Operations contains an authentication bypass vulnerability↗2022-08-09

▶

📋Vendor Advisories

VMware

VMware vRealize Operations contains multiple vulnerabilities↗2022-08-09

▶