CVE-2022-31697

CVSS V2 None CVSS V3 None

Description

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

Overview

CVE ID
CVE-2022-31697

Assigner
security@vmware.com

Vulnerability Status
Analyzed

Published Version
2022-12-13T16:15:19

Last Modified Date
2022-12-15T17:45:12

Weakness Enumerations

CWE	URL
CWE-312	http://cwe.mitre.org/data/definitions/312.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start
cpe:2.3:a:vmware:vcenter_server:6.5:-::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:a::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:b::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:c::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:d::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update1::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update1b::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update1d::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update1e::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update1g::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update2::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update2b::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update2c::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update2d::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update2g::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3d::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3f::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3k::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3n::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3p::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3q::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3r::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3s::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.5:update3t::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:-::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:a::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:b::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:c::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:d::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update1::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update1b::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update2::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update2a::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update2c::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3a::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3b::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3f::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3g::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3j::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3l::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3m::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3n::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3o::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3p::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3q::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:6.7:update3r::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:-::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:a::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:b::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:c::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:d::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update1::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update1a::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update1c::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update2::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update2a::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update2b::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update2c::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update2d::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update3::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update3a::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update3c::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update3d::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update3e::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update3f::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update3g::::::	1	OR
cpe:2.3:a:vmware:vcenter_server:7.0:update3h::::::	1	OR
cpe:2.3:a:vmware:cloud_foundation::::::::	1	OR	3.0

References

Reference URL	Reference Tags
https://www.vmware.com/security/advisories/VMSA-2022-0030.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-31697
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31697

History

Created	Old Value	New Value	Data Type	Notes
2022-12-13 16:18:29				Added to TrackCVE
2022-12-13 17:21:47	2022-12-13T16:15:19.790	2022-12-13T16:15:19	CVE Published Date	updated
2022-12-13 17:21:47		2022-12-13T16:52:09	CVE Modified Date	updated
2022-12-13 17:21:47	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-15 16:18:03	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-15 18:16:19		2022-12-15T17:45:12	CVE Modified Date	updated
2022-12-15 18:16:19	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-15 18:16:19		CWE-312	Weakness Enumeration	new
2022-12-15 18:16:20			CPE Information	updated