5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
34.8%
Vulnerabilities in VMware vCenter affect IBM Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities.
CVEID:CVE-2022-31697
**DESCRIPTION:**VMware vCenter Server could allow a local attacker to obtain sensitive information, caused by the logging of credentials in plaintext. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain passwords information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241825 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-31698
**DESCRIPTION:**VMware vCenter Server is vulnerable to a denial of service, caused by a flaw in the content library service. By sending a specially-crafted header, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241826 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | 2.3.3.0 - 2.3.3.5 (Intel) |
IBM Cloud Pak System Software Suite | 2.3.3.0 - 2.3.3.5 |
IBM Cloud Pak System | 2.3 |
In response to vulnerabilities found in VMware ESXi, Cloud Pak System provides new vCenter Image update to vCenter version 6.7.0 U3s with Cloud Pak System 2.3.3.6.
For IBM Cloud Pak System V2.3.0.1, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 iFix 1, v2.3.3.4, v2.3.3.5
upgrade to IBM Cloud Pak System v2.3.3.6
Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak system software | eq | 2.3 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
34.8%