CVE-2022-31673

2022-08-1020:15:44

vmware

web.nvd.nist.gov

cve-2022-31673

vmware

vrealize operations

information disclosure

vulnerability

network access

remote code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.003

Percentile

68.4%

JSON

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.

Affected configurations

Nvd

Node

vmwarevrealize_operationsRange8.0.0–8.6.4

VendorProductVersionCPE
vmwarevrealize_operations*cpe:2.3:a:vmware:vrealize_operations:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	vrealize_operations	*	cpe:2.3:a:vmware:vrealize_operations::::::::

CNA Affected

[
  {
    "product": "VMware vRealize Operations",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware vRealize Operations (8.x prior to 8.6.4)"
      }
    ]
  }
]