Broken Access Control in VMware vRealize Operations
CVE-2022-31708

4.9MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Vrealize Operations (vrops)
Vendor: CVE Published:; 16 December 2022

Summary

VMware vRealize Operations is affected by a broken access control vulnerability that may allow an attacker to gain unauthorized access to sensitive information or functionality. This flaw arises when the application improperly verifies user permissions, thereby enabling malicious users to exploit unauthorized access paths. It is crucial for organizations using vRealize Operations to apply the latest security updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

VMware vRealize Operations (vROps) VMware vRealize Operations (vROps) (Multiple Versions)

References

https://www.vmware.com/security/advisories/VMSA-2022-0034...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2022
Vulnerability Reserved
May 25, 2022