Lucene search

[email protected]CVE-2022-31697

HistoryDec 13, 2022 - 4:15 p.m.

CVE-2022-31697

2022-12-1316:15:19

CWE-312

[email protected]

web.nvd.nist.gov

103

vcenter server

cve-2022-31697

information disclosure

plaintext password

vulnerability

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

Affected configurations

NVD

Node

vmwarevcenter_serverMatch6.5-

vmwarevcenter_serverMatch6.5a

vmwarevcenter_serverMatch6.5b

vmwarevcenter_serverMatch6.5c

vmwarevcenter_serverMatch6.5d

vmwarevcenter_serverMatch6.5update1

vmwarevcenter_serverMatch6.5update1b

vmwarevcenter_serverMatch6.5update1d

vmwarevcenter_serverMatch6.5update1e

vmwarevcenter_serverMatch6.5update1g

vmwarevcenter_serverMatch6.5update2

vmwarevcenter_serverMatch6.5update2b

vmwarevcenter_serverMatch6.5update2c

vmwarevcenter_serverMatch6.5update2d

vmwarevcenter_serverMatch6.5update2g

vmwarevcenter_serverMatch6.5update3

vmwarevcenter_serverMatch6.5update3d

vmwarevcenter_serverMatch6.5update3f

vmwarevcenter_serverMatch6.5update3k

vmwarevcenter_serverMatch6.5update3n

vmwarevcenter_serverMatch6.5update3p

vmwarevcenter_serverMatch6.5update3q

vmwarevcenter_serverMatch6.5update3r

vmwarevcenter_serverMatch6.5update3s

vmwarevcenter_serverMatch6.5update3t

vmwarevcenter_serverMatch6.7-

vmwarevcenter_serverMatch6.7a

vmwarevcenter_serverMatch6.7b

vmwarevcenter_serverMatch6.7c

vmwarevcenter_serverMatch6.7d

vmwarevcenter_serverMatch6.7update1

vmwarevcenter_serverMatch6.7update1b

vmwarevcenter_serverMatch6.7update2

vmwarevcenter_serverMatch6.7update2a

vmwarevcenter_serverMatch6.7update2c

vmwarevcenter_serverMatch6.7update3

vmwarevcenter_serverMatch6.7update3a

vmwarevcenter_serverMatch6.7update3b

vmwarevcenter_serverMatch6.7update3f

vmwarevcenter_serverMatch6.7update3g

vmwarevcenter_serverMatch6.7update3j

vmwarevcenter_serverMatch6.7update3l

vmwarevcenter_serverMatch6.7update3m

vmwarevcenter_serverMatch6.7update3n

vmwarevcenter_serverMatch6.7update3o

vmwarevcenter_serverMatch6.7update3p

vmwarevcenter_serverMatch6.7update3q

vmwarevcenter_serverMatch6.7update3r

vmwarevcenter_serverMatch7.0-

vmwarevcenter_serverMatch7.0a

vmwarevcenter_serverMatch7.0b

vmwarevcenter_serverMatch7.0c

vmwarevcenter_serverMatch7.0d

vmwarevcenter_serverMatch7.0update1

vmwarevcenter_serverMatch7.0update1a

vmwarevcenter_serverMatch7.0update1c

vmwarevcenter_serverMatch7.0update2

vmwarevcenter_serverMatch7.0update2a

vmwarevcenter_serverMatch7.0update2b

vmwarevcenter_serverMatch7.0update2c

vmwarevcenter_serverMatch7.0update2d

vmwarevcenter_serverMatch7.0update3

vmwarevcenter_serverMatch7.0update3a

vmwarevcenter_serverMatch7.0update3c

vmwarevcenter_serverMatch7.0update3d

vmwarevcenter_serverMatch7.0update3e

vmwarevcenter_serverMatch7.0update3f

vmwarevcenter_serverMatch7.0update3g

vmwarevcenter_serverMatch7.0update3h

Node

vmwarecloud_foundationRange3.0≥

CPENameOperatorVersion
vmware:vcenter_servervmware vcenter servereq6.5
vmware:vcenter_servervmware vcenter servereq6.7
vmware:vcenter_servervmware vcenter servereq7.0

CPE	Name	Operator	Version
vmware:vcenter_server	vmware vcenter server	eq	6.5
vmware:vcenter_server	vmware vcenter server	eq	6.7
vmware:vcenter_server	vmware vcenter server	eq	7.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "VMware vCenter Server, VMware Cloud Foundation",
    "versions": [
      {
        "version": "VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x)",
        "status": "affected"
      }
    ]
  }
]