A set of vulnerabilities affecting the vROps product has been published, with CVSSv3 scores ranging from 5.6 to 7.2 and an impact rating of "Important". An attacker (a person or an automated mechanism) who exploits the vROps vulnerabilities listed below gains privileged user rights in the environment. The fixed version is available as vROps 8.6.4, and I recommend planning the product upgrade.

3a. Privilege Escalation Vulnerability (CVE-2022-31672)

Known Attack Vectors

A malicious actor with administrative network access can escalate privileges to root.

3b. Information Disclosure Vulnerability (CVE-2022-31673)

Known Attack Vectors

A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.

3c. Information Disclosure Vulnerability (CVE-2022-31674)

Known Attack Vectors

A low-privileged malicious actor with network access can access log files that lead to information disclosure.

vRealize Operations 8.6.4 Release Notes

https://docs.vmware.com/en/vRealize-Operations/8.6.4/rn/vrealize-operations-864-release-notes/index.html

VMware vRealize Operations 8.6.4

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VROPS-864&productId=1205&rPId=92676