Information Disclosure Vulnerability in VMware vCenter Server
CVE-2022-31697

5.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Vcenter Server, Vmware Cloud Foundation
Vendor: CVE Published:; 13 December 2022

Summary

The vCenter Server has a vulnerability that exposes sensitive information by logging credentials in plaintext. If a malicious actor gains access to a workstation that performs specific operations like Install, Upgrade, Migrate, or Restore using a vCenter Server Appliance ISO, they can potentially retrieve plaintext passwords recorded during these procedures. This issue highlights the importance of securing access to workstations and monitoring the logging configurations to prevent unauthorized access to sensitive information.

Affected Version(s)

VMware vCenter Server, VMware Cloud Foundation VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x)

References

https://www.vmware.com/security/advisories/VMSA-2022-0030...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
May 25, 2022