CVE-2022-31707

2022-12-1616:15:21

[email protected]

web.nvd.nist.gov

vrops

privilege escalation

vulnerability

important severity

cve-2022-31707

nvd

vmware

cvssv3 base score 7.2

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

Affected configurations

NVD

Node

vmwarevrealize_operationsRange8.6.0–8.6.4.20823815

vmwarevrealize_operationsMatch8.10.0

CPENameOperatorVersion
vmware:vrealize_operationsvmware vrealize operationslt8.6.4.20823815
vmware:vrealize_operationsvmware vrealize operationseq8.10.0

CPE	Name	Operator	Version
vmware:vrealize_operations	vmware vrealize operations	lt	8.6.4.20823815
vmware:vrealize_operations	vmware vrealize operations	eq	8.10.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "VMware vRealize Operations (vROps)",
    "versions": [
      {
        "version": "VMware vRealize Operations (vROps) (Multiple Versions)",
        "status": "affected"
      }
    ]
  }
]