CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
40.5%
Vulnerabilities in VMware vCenter affect IBM Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities.
CVEID:CVE-2022-31697
**DESCRIPTION:**VMware vCenter Server could allow a local attacker to obtain sensitive information, caused by the logging of credentials in plaintext. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain passwords information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241825 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-31698
**DESCRIPTION:**VMware vCenter Server is vulnerable to a denial of service, caused by a flaw in the content library service. By sending a specially-crafted header, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241826 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | 2.3.3.0 - 2.3.3.5 (Intel) |
IBM Cloud Pak System Software Suite | 2.3.3.0 - 2.3.3.5 |
IBM Cloud Pak System | 2.3 |
In response to vulnerabilities found in VMware ESXi, Cloud Pak System provides new vCenter Image update to vCenter version 6.7.0 U3s with Cloud Pak System 2.3.3.6.
For IBM Cloud Pak System V2.3.0.1, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 iFix 1, v2.3.3.4, v2.3.3.5
upgrade to IBM Cloud Pak System v2.3.3.6
Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_system | 2.3 | cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
40.5%