Issued: Wednesday, 24 August, 2022 |
Last Revision: Wednesday, 24 August, 2022 |
Vendor: |
Product: |
Severity Level: |
VMware has released security update to address the multiple vulnerabilities in VMware vRealize Operations, the most serious of which might lead to Remote Code Execution.
The product vRealize Operations is an IT management tool. It is utilized for visibility, optimization, and management of physical, virtual, and cloud infrastructures.
The most serious of these flaws might enable the attacker to execute code within the context of the application. An attacker may then install programs, view, modify, or delete data depending on the permissions associated with the application that was using the exploit.
There are no reports of these flaws being used in the wild right now.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-31672 | Privilege Escalation Vulnerability | 7.2 |
CVE-2022-31673 | Information Disclosure Vulnerability | 6.5 |
CVE-2022-31674 | Information Disclosure Vulnerability | 6.5 |
CVE-2022-31675 | Authentication Bypass Vulnerability | 5.6 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) | Affected Versions | Fixed Versions |
|
CVE-2022-31672 CVE-2022-31673 CVE-2022-31674 CVE-2022-31675 | VMware vRealize Operations | 8.x | 8.6.4 |
|
Table 2: Vulnerable versions
Organizations are encouraged to review and mitigate the reported vulnerabilities by Vendor provided fix.