Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-31674

Published: 10/08/2022 Updated: 15/08/2022
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Vmware

Vulnerability Summary

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware vrealize operations

Vendor Advisories

VMware Security Advisories:
Sign up for Security Advisories Stay up to date on the latest VMware Security advisories and updates ...

Github Repositories

https://github.com/sourceincite/DashOverride

This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager

DashOverride What This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager (vROPS) that impacts versions <= 86319682901 Author Steven Seeley of Qihoo 360 Vulnerability Research Institute Tested The exploit was tested against 86319682901 using the file vRealize-Operations-Manager-Appliance-86319682901_OVF10ova (SHA1: 4637b6385db4fbee6b1150

Recent Articles

Patch Tuesday: Yet another Microsoft RCE bug under active exploit
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Oh, and that critical VMware auth bypass vuln? Miscreants found it, too Security News Poll

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too.  Let's start off with Microsoft's 121 security holes, which are the most interesting of the ever-growing, second-Tuesday patch party. Plus, they include one that Redmond lists as under active attack and a second that it says is also publicly known. Of the 121 Microsoft bugs, 17 are considered critical. Both of the bugs listed as publicly known are ranked as ...

Read more...

References

CWE-532https://www.vmware.com/security/advisories/VMSA-2022-0022.htmlhttps://nvd.nist.govhttps://github.com/sourceincite/DashOverridehttps://www.theregister.co.uk/2022/08/09/august_patch_tuesday_microsoft/https://www.vmware.com/security/advisories/VMSA-2022-0022.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook