CVE-2022-31682

4 documents4 sources

Severity

4.9MEDIUM

EPSS

0.3%

top 46.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vrealize Operations

Timeline

PublishedOct 11

Latest updateOct 12

Description

VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5vmware_aria_operationsVMware Aria Operations 8.x

▶NVDvmware/vrealize_operations8.0 — 8.10

🔴Vulnerability Details

GHSA

GHSA-jjj6-j55h-4rvh: VMware Aria Operations contains an arbitrary file read vulnerability↗2022-10-12

▶

CVEList

CVE-2022-31682: VMware Aria Operations contains an arbitrary file read vulnerability↗2022-10-11

▶

📋Vendor Advisories

VMware

VMware vRealize Operations patches address an arbitrary file read vulnerability (CVE-2022-31682).↗2022-10-11

▶