#VU70388 Improper access control in VMware Aria Operations (formerly vRealize Operations) - CVE-2022-31708

Cybersecurity Help s.r.o.

Published: 2022-12-16 | Updated: 2023-02-01

Vulnerability identifier: #VU70388

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-31708

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VMware Aria Operations (formerly vRealize Operations)
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions within the configuration of CaSA. A remote user with admin privileges in the vROps application can read sensitive information from the underlying operating system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

VMware Aria Operations (formerly vRealize Operations): 8.0.0 - 8.0.1, 8.1.0 - 8.10, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0 - 8.6.4

External links
https://www.vmware.com/security/advisories/VMSA-2022-0034.html
https://kb.vmware.com/s/article/90232
https://www.zerodayinitiative.com/advisories/ZDI-23-057/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in VMware vRealize Operations (vROps)