Multiple vulnerabilities in VMware vRealize Operations (vROps)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-31707 CVE-2022-31708 |
| CWE-ID | CWE-269 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
VMware Aria Operations (formerly vRealize Operations) Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Privilege Management
EUVDB-ID: #VU70387
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-31707
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper privilege management within the configuration of CaSA. A remote user with administrative privileges in the vROps application can gain root access on the underlying operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Aria Operations (formerly vRealize Operations): 8.0.0 - 8.10
CPE2.3- cpe:2.3:a:vmware:aria_operations:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.10:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.6.4:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2022-0034.html
https://kb.vmware.com/s/article/90232
https://www.zerodayinitiative.com/advisories/ZDI-23-054/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU70388
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-31708
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions within the configuration of CaSA. A remote user with admin privileges in the vROps application can read sensitive information from the underlying operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware Aria Operations (formerly vRealize Operations): 8.0.0 - 8.10
CPE2.3- cpe:2.3:a:vmware:aria_operations:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.10:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:aria_operations:8.6.4:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2022-0034.html
https://kb.vmware.com/s/article/90232
https://www.zerodayinitiative.com/advisories/ZDI-23-057/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
