Tech Tips, News, Tutorials & Advice

VMSA-2022-0026

  • James Dean
    • vmware logo headervmware logo header

    Moderate


    VMSA-2022-0026

    4.9

    2022-10-11

    2022-10-11 (Initial Advisory)

    CVE-2022-31682

    VMware Aria Operations patches address an arbitrary file read vulnerability (CVE-2022-31682).
    1. Impacted Products


    Aria Operations (Formerly VMware vRealize Operations)

    2. Introduction


    An arbitrary file read vulnerability in VMware Aria Operations was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.  

    3. Arbitrary File Read Vulnerability (CVE-2022-31682)

    Description



    VMware Aria Operations contains an arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.9.

    Known Attack Vectors



    A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.

    Resolution



    To remediate CVE-2022-31682, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

    Workarounds



    None.

    Additional Documentation



    None.

    Notes



    None.

    Acknowledgements



    VMware would like to thank Yu Dai of NSFOCUS TIANJI Lab for reporting this issue to us.

    Response Matrix

    Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
    Aria Operations
    8.x
    Any
    CVE-2022-31682
    4.9
    moderate

    8.10
    N/A
    N/A
    4. References


    VMware Aria Operations 8.10
    Downloads and Documentation:
    https://docs.vmware.com/en/vRealize-Operations/8.10/rn/vrealize-operations-810-release-notes/index.html
    https://customerconnect.vmware.com/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_operations/8_10

    Mitre CVE Dictionary Links:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31682

    FIRST CVSSv3 Calculator:
    https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

    5. Change Log


    2022-10-11 : VMSA-2022-0026
    Initial security advisory.

    6. Contact


    E-mail list for product security notifications and announcements:

    https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

     

    This Security Advisory is posted to the following lists:  

    security-announce@lists.vmware.com  

    bugtraq@securityfocus.com  

    fulldisclosure@seclists.org 

     

    E-mail: security@vmware.com

    PGP key at:

    https://kb.vmware.com/kb/1055 

     

    VMware Security Advisories

    https://www.vmware.com/security/advisories 

     

    VMware Security Response Policy

    https://www.vmware.com/support/policies/security_response.html 

     

    VMware Lifecycle Support Phases

    https://www.vmware.com/support/policies/lifecycle.html 

     

    VMware Security & Compliance Blog  

    https://blogs.vmware.com/security 

     

    Twitter

    https://twitter.com/VMwareSRC

     

    Copyright 2020 VMware Inc. All rights reserved.
     

    Read full article (vmware.com)

    All content and images belong to their respected owners, this article is curated for informational purposes only.

    Exit mobile version