VMwareVMSA-2022-0034VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708)
3a. VMware vRealize Operations (vROps) privilege escalation vulnerability (CVE-2022-31707)
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
3b. VMware vRealize Operations (vROps) contains an access control vulnerability (CVE-2022-31708)
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vmware vrealize operations (vrops) | lt | 8.10.1 | |
| vmware vrealize operations (vrops) | eq | 8.6.x |
References
customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_operations/8_10
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31708
docs.vmware.com/en/vRealize-Operations/8.10.1/rn/vrealize-operations-8101-release-notes/index.html
docs.vmware.com/en/vRealize-Operations/8.10/rn/vrealize-operations-810-release-notes/index.html
kb.vmware.com/s/article/90232
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Related
