CVE-2022-31697

2022-12-1300:00:00

vmware

www.cve.org

vcenter server

information disclosure

plaintext passwords

AI Score

5.5

Confidence

High

EPSS

Percentile

12.8%

JSON

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "VMware vCenter Server, VMware Cloud Foundation",
    "versions": [
      {
        "version": "VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x)",
        "status": "affected"
      }
    ]
  }
]

References

www.vmware.com/security/advisories/VMSA-2022-0030.html