CVE-2022-31697

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vmwareCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
vmwarevcenter_server
6.5
vmwarevcenter_server
6.5:a
vmwarevcenter_server
6.5:b
vmwarevcenter_server
6.5:c
vmwarevcenter_server
6.5:d
vmwarevcenter_server
6.5:update1
vmwarevcenter_server
6.5:update1b
vmwarevcenter_server
6.5:update1d
vmwarevcenter_server
6.5:update1e
vmwarevcenter_server
6.5:update1g
vmwarevcenter_server
6.5:update2
vmwarevcenter_server
6.5:update2b
vmwarevcenter_server
6.5:update2c
vmwarevcenter_server
6.5:update2d
vmwarevcenter_server
6.5:update2g
vmwarevcenter_server
6.5:update3
vmwarevcenter_server
6.5:update3d
vmwarevcenter_server
6.5:update3f
vmwarevcenter_server
6.5:update3k
vmwarevcenter_server
6.5:update3n
vmwarevcenter_server
6.5:update3p
vmwarevcenter_server
6.5:update3q
vmwarevcenter_server
6.5:update3r
vmwarevcenter_server
6.5:update3s
vmwarevcenter_server
6.5:update3t
vmwarevcenter_server
6.7
vmwarevcenter_server
6.7:a
vmwarevcenter_server
6.7:b
vmwarevcenter_server
6.7:c
vmwarevcenter_server
6.7:d
vmwarevcenter_server
6.7:update1
vmwarevcenter_server
6.7:update1b
vmwarevcenter_server
6.7:update2
vmwarevcenter_server
6.7:update2a
vmwarevcenter_server
6.7:update2c
vmwarevcenter_server
6.7:update3
vmwarevcenter_server
6.7:update3a
vmwarevcenter_server
6.7:update3b
vmwarevcenter_server
6.7:update3f
vmwarevcenter_server
6.7:update3g
vmwarevcenter_server
6.7:update3j
vmwarevcenter_server
6.7:update3l
vmwarevcenter_server
6.7:update3m
vmwarevcenter_server
6.7:update3n
vmwarevcenter_server
6.7:update3o
vmwarevcenter_server
6.7:update3p
vmwarevcenter_server
6.7:update3q
vmwarevcenter_server
6.7:update3r
vmwarevcenter_server
7.0
vmwarevcenter_server
7.0:a
vmwarevcenter_server
7.0:b
vmwarevcenter_server
7.0:c
vmwarevcenter_server
7.0:d
vmwarevcenter_server
7.0:update1
vmwarevcenter_server
7.0:update1a
vmwarevcenter_server
7.0:update1c
vmwarevcenter_server
7.0:update2
vmwarevcenter_server
7.0:update2a
vmwarevcenter_server
7.0:update2b
vmwarevcenter_server
7.0:update2c
vmwarevcenter_server
7.0:update2d
vmwarevcenter_server
7.0:update3
vmwarevcenter_server
7.0:update3a
vmwarevcenter_server
7.0:update3c
vmwarevcenter_server
7.0:update3d
vmwarevcenter_server
7.0:update3e
vmwarevcenter_server
7.0:update3f
vmwarevcenter_server
7.0:update3g
vmwarevcenter_server
7.0:update3h
vmwarecloud_foundation
3.0 ≤
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2022-0030.html
https://www.vmware.com/security/advisories/VMSA-2022-0030.html