3a. VMware vRealize Operations (vROps) privilege escalation vulnerability (CVE-2022-31707)
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
3b. VMware vRealize Operations (vROps) contains an access control vulnerability (CVE-2022-31708)
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_operations/8_10
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31708
docs.vmware.com/en/vRealize-Operations/8.10.1/rn/vrealize-operations-8101-release-notes/index.html
docs.vmware.com/en/vRealize-Operations/8.10/rn/vrealize-operations-810-release-notes/index.html
kb.vmware.com/s/article/90232
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H