Multiple Vulnerabilities found in VMware vROps – CVE-2022-31707, CVE-2022-31708

Release Date – Dec 15, 2022

CVE Details – CVE-2022-31707, CVE-2022-31708

Alert Severity – High, Medium

Affected Products – VMware vRealize Operations (vROps)

Active Versions – 8.6.x, 8.10

(older versions are EOL, EOS)

Description –

Multiple vulnerabilities in vROps were reported to VMware. They may allow unauthorized root access to the underlying operating system.

  1. vROps privilege escalation vulnerability (CVE-2022-31707):
    This is a privilege escalation vulnerability with a maximum CVSSv3 base score of 7.2.
    Threat actors with administrative access in the vROps application can gain root access to the underlying operating system.
  2. vROps access control vulnerability (CVE-2022-31708):
    This is a broken access control vulnerability with a maximum CVSSv3 base score of 4.4.
    Threat actors with admin access in the vROps application can read sensitive information from the underlying operating system.

Mitigation/Solution –

vROps version 8.10 – upgrade to 8.10.1
vROps version 8.6.x – update KB90232

Only vROps versions 8.6.x and 8.10 are active; all other versions of vROps are discontinued, and support is not available from VMware.

Note: VMware is replacing vROps with VMware Aria Operations, which includes AI and ML predictive analysis.
