CVE-2022-31697
published 2022-12-13CVE-2022-31697: The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 3.0 | — |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |