Skip to main content

Vrealize Operations CVE-2022-31708

MEDIUM
Improper Access Control (CWE-284)
2022-12-16 security@vmware.com
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 16, 2022 - 16:15 nvd
MEDIUM 4.9

DescriptionNVD

vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.

AnalysisAI

vRealize Operations (vROps) contains a broken access control vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. Affected products include: Vmware Vrealize Operations.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-7457 CRITICAL
10.0 Dec 29

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt an

CVE-2020-3943 CRITICAL
9.8 Feb 19

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is

CVE-2016-7462 HIGH
8.5 Dec 29

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write

CVE-2023-20877 HIGH
8.8 May 12

VMware Aria Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability

CVE-2023-20856 HIGH
8.8 Feb 01

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2022-31673 HIGH
8.8 Aug 10

VMware vRealize Operations contains an information disclosure vulnerability. Rated high severity (CVSS 8.8), this vulner

CVE-2020-3944 HIGH
8.6 Feb 19

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store conf

CVE-2022-31675 HIGH
7.5 Aug 10

VMware vRealize Operations contains an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnera

CVE-2020-3945 HIGH
7.5 Feb 19

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosu

CVE-2023-20878 HIGH
7.2 May 12

VMware Aria Operations contains a deserialization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is r

CVE-2022-31707 HIGH
7.2 Dec 16

vRealize Operations (vROps) contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerab

CVE-2022-31672 HIGH
7.2 Aug 10

VMware vRealize Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerabi

Share

CVE-2022-31708 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy