Information Disclosure Vulnerability in VMware vRealize Operations
CVE-2022-31673

8.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Vrealize Operations
Vendor: CVE Published:; 10 August 2022

Summary

VMware vRealize Operations is affected by an information disclosure vulnerability that could be exploited by low-privileged attackers with network access. Through this vulnerability, an attacker can generate and leak hex dumps, which may lead to the exposure of sensitive information. While the immediate threat involves data leakage, successful exploitation could potentially pave the way for more severe attacks, including remote code execution. It is crucial for organizations using VMware vRealize Operations to be aware of this vulnerability and take the necessary steps to mitigate associated risks.

Affected Version(s)

VMware vRealize Operations VMware vRealize Operations (8.x prior to 8.6.4)

References

https://www.vmware.com/security/advisories/VMSA-2022-0022...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
May 25, 2022