VMware Releases Security Update

Security update addresses multiple vulnerabilities affecting vRealize Operations

Threat ID:: CC-4145
Threat Severity:: Information only
Published:: 10 August 2022 2:31 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses multiple vulnerabilities affecting vRealize Operations

Affected platforms

The following platforms are known to be affected:

Versions: 8.x

VMware vRealize Operations Manager

Threat details

Introduction

VMware has released a security update to address vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities include privilege escalation, information disclosure, and authentication bypass. An attacker could exploit these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review VMware Security Advisory VMSA-2022-0022 and apply the relevant updates.

Definitive source of threat updates

https://www.vmware.com/security/advisories/VMSA-2022-0022.html

CVE Vulnerabilities

Status Published

CVE-2022-31672

VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.

Status Published

CVE-2022-31673

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.

Status Published

CVE-2022-31674

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.

Status Published

CVE-2022-31675

VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.

Last edited: 10 August 2022 2:31 pm