CVE-2022-31707

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.2HIGH

EPSS

0.9%

top 24.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vrealize Operations

Timeline

PublishedDec 16

Latest updateDec 21

Description

vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5vmware_vrealize_operations_(vrops)VMware vRealize Operations (vROps) (Multiple Versions)

▶NVDvmware/vrealize_operations8.6.0 — 8.6.4.20823815+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-wf52-hx48-jm6v: vRealize Operations (vROps) contains a privilege escalation vulnerability↗2022-12-21

▶

CVEList

CVE-2022-31707: vRealize Operations (vROps) contains a privilege escalation vulnerability↗2022-12-16

▶

📋Vendor Advisories

VMware

VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708)↗2022-12-15

▶