CVE-2022-31708

CWE-284 — Improper Access Control CWE-668 — Exposure to Wrong Sphere4 documents4 sources

Severity

4.9MEDIUM

EPSS

0.5%

top 34.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vrealize Operations

Timeline

PublishedDec 16

Latest updateDec 21

Description

vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5vmware_vrealize_operations_(vrops)VMware vRealize Operations (vROps) (Multiple Versions)

▶NVDvmware/vrealize_operations8.6.0 — 8.6.4.20823815+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-456v-qxqw-v893: vRealize Operations (vROps) contains a broken access control vulnerability↗2022-12-21

▶

CVEList

CVE-2022-31708: vRealize Operations (vROps) contains a broken access control vulnerability↗2022-12-16

▶

📋Vendor Advisories

VMware

VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708)↗2022-12-15

▶