What is the severity of CVE-2022-31697?

CVE-2022-31697 has a medium severity rating due to its potential for information disclosure.

How do I fix CVE-2022-31697?

To fix CVE-2022-31697, users should upgrade to a patched version of VMware vCenter Server as recommended by VMware.

What versions of VMware vCenter are affected by CVE-2022-31697?

CVE-2022-31697 affects VMware vCenter Server versions 6.5 and 6.7 as well as 7.0.

What kind of vulnerability is CVE-2022-31697?

CVE-2022-31697 is an information disclosure vulnerability that allows logging of credentials in plaintext.

Vulnerability/
CVE-2022-31697

medium

5.5

CWE

312

13/12/2022

22/4/2025

CVE-2022-31697

First published: Tue Dec 13 2022(Updated: )

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware vCenter	=6.5
VMware vCenter	=6.5-a
VMware vCenter	=6.5-b
VMware vCenter	=6.5-c
VMware vCenter	=6.5-d
VMware vCenter	=6.5-update1
VMware vCenter	=6.5-update1b
VMware vCenter	=6.5-update1d
VMware vCenter	=6.5-update1e
VMware vCenter	=6.5-update1g
VMware vCenter	=6.5-update2
VMware vCenter	=6.5-update2b
VMware vCenter	=6.5-update2c
VMware vCenter	=6.5-update2d
VMware vCenter	=6.5-update2g
VMware vCenter	=6.5-update3
VMware vCenter	=6.5-update3d
VMware vCenter	=6.5-update3f
VMware vCenter	=6.5-update3k
VMware vCenter	=6.5-update3n
VMware vCenter	=6.5-update3p
VMware vCenter	=6.5-update3q
VMware vCenter	=6.5-update3r
VMware vCenter	=6.5-update3s
VMware vCenter	=6.5-update3t
VMware vCenter	=6.7
VMware vCenter	=6.7-a
VMware vCenter	=6.7-b
VMware vCenter	=6.7-c
VMware vCenter	=6.7-d
VMware vCenter	=6.7-update1
VMware vCenter	=6.7-update1b
VMware vCenter	=6.7-update2
VMware vCenter	=6.7-update2a
VMware vCenter	=6.7-update2c
VMware vCenter	=6.7-update3
VMware vCenter	=6.7-update3a
VMware vCenter	=6.7-update3b
VMware vCenter	=6.7-update3f
VMware vCenter	=6.7-update3g
VMware vCenter	=6.7-update3j
VMware vCenter	=6.7-update3l
VMware vCenter	=6.7-update3m
VMware vCenter	=6.7-update3n
VMware vCenter	=6.7-update3o
VMware vCenter	=6.7-update3p
VMware vCenter	=6.7-update3q
VMware vCenter	=6.7-update3r
VMware vCenter	=7.0
VMware vCenter	=7.0-a
VMware vCenter	=7.0-b
VMware vCenter	=7.0-c
VMware vCenter	=7.0-d
VMware vCenter	=7.0-update1
VMware vCenter	=7.0-update1a
VMware vCenter	=7.0-update1c
VMware vCenter	=7.0-update2
VMware vCenter	=7.0-update2a
VMware vCenter	=7.0-update2b
VMware vCenter	=7.0-update2c
VMware vCenter	=7.0-update2d
VMware vCenter	=7.0-update3
VMware vCenter	=7.0-update3a
VMware vCenter	=7.0-update3c
VMware vCenter	=7.0-update3d
VMware vCenter	=7.0-update3e
VMware vCenter	=7.0-update3f
VMware vCenter	=7.0-update3g
VMware vCenter	=7.0-update3h
VMware vCenter Server and Cloud Foundation	>=3.0
	=6.5
	=6.5-a
	=6.5-b
	=6.5-c
	=6.5-d
	=6.5-update1
	=6.5-update1b
	=6.5-update1d
	=6.5-update1e
	=6.5-update1g
	=6.5-update2
	=6.5-update2b
	=6.5-update2c
	=6.5-update2d
	=6.5-update2g
	=6.5-update3
	=6.5-update3d
	=6.5-update3f
	=6.5-update3k
	=6.5-update3n
	=6.5-update3p
	=6.5-update3q
	=6.5-update3r
	=6.5-update3s
	=6.5-update3t
	=6.7
	=6.7-a
	=6.7-b
	=6.7-c
	=6.7-d
	=6.7-update1
	=6.7-update1b
	=6.7-update2
	=6.7-update2a
	=6.7-update2c
	=6.7-update3
	=6.7-update3a
	=6.7-update3b
	=6.7-update3f
	=6.7-update3g
	=6.7-update3j
	=6.7-update3l
	=6.7-update3m
	=6.7-update3n
	=6.7-update3o
	=6.7-update3p
	=6.7-update3q
	=6.7-update3r
	=7.0
	=7.0-a
	=7.0-b
	=7.0-c
	=7.0-d
	=7.0-update1
	=7.0-update1a
	=7.0-update1c
	=7.0-update2
	=7.0-update2a
	=7.0-update2b
	=7.0-update2c
	=7.0-update2d
	=7.0-update3
	=7.0-update3a
	=7.0-update3c
	=7.0-update3d
	=7.0-update3e
	=7.0-update3f
	=7.0-update3g
	=7.0-update3h
	>=3.0

Never miss a vulnerability like this again

Reference Links

https://www.vmware.com/security/advisories/VMSA-2022-0030.html

Frequently Asked Questions

What is the severity of CVE-2022-31697?
CVE-2022-31697 has a medium severity rating due to its potential for information disclosure.
How do I fix CVE-2022-31697?
To fix CVE-2022-31697, users should upgrade to a patched version of VMware vCenter Server as recommended by VMware.
What versions of VMware vCenter are affected by CVE-2022-31697?
CVE-2022-31697 affects VMware vCenter Server versions 6.5 and 6.7 as well as 7.0.
What kind of vulnerability is CVE-2022-31697?
CVE-2022-31697 is an information disclosure vulnerability that allows logging of credentials in plaintext.
Who can exploit CVE-2022-31697?
A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation can exploit CVE-2022-31697.

agent/type
agent/references
agent/weakness
agent/author
agent/severity
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/vmware
canonical/vmware vcenter
version/vmware vcenter/6.5
version/vmware vcenter/6.5-a
version/vmware vcenter/6.5-b
version/vmware vcenter/6.5-c
version/vmware vcenter/6.5-d
version/vmware vcenter/6.5-update1
version/vmware vcenter/6.5-update1b
version/vmware vcenter/6.5-update1d
version/vmware vcenter/6.5-update1e
version/vmware vcenter/6.5-update1g
version/vmware vcenter/6.5-update2
version/vmware vcenter/6.5-update2b
version/vmware vcenter/6.5-update2c
version/vmware vcenter/6.5-update2d
version/vmware vcenter/6.5-update2g
version/vmware vcenter/6.5-update3
version/vmware vcenter/6.5-update3d
version/vmware vcenter/6.5-update3f
version/vmware vcenter/6.5-update3k
version/vmware vcenter/6.5-update3n
version/vmware vcenter/6.5-update3p
version/vmware vcenter/6.5-update3q
version/vmware vcenter/6.5-update3r
version/vmware vcenter/6.5-update3s
version/vmware vcenter/6.5-update3t
version/vmware vcenter/6.7
version/vmware vcenter/6.7-a
version/vmware vcenter/6.7-b
version/vmware vcenter/6.7-c
version/vmware vcenter/6.7-d
version/vmware vcenter/6.7-update1
version/vmware vcenter/6.7-update1b
version/vmware vcenter/6.7-update2
version/vmware vcenter/6.7-update2a
version/vmware vcenter/6.7-update2c
version/vmware vcenter/6.7-update3
version/vmware vcenter/6.7-update3a
version/vmware vcenter/6.7-update3b
version/vmware vcenter/6.7-update3f
version/vmware vcenter/6.7-update3g
version/vmware vcenter/6.7-update3j
version/vmware vcenter/6.7-update3l
version/vmware vcenter/6.7-update3m
version/vmware vcenter/6.7-update3n
version/vmware vcenter/6.7-update3o
version/vmware vcenter/6.7-update3p
version/vmware vcenter/6.7-update3q
version/vmware vcenter/6.7-update3r
version/vmware vcenter/7.0
version/vmware vcenter/7.0-a
version/vmware vcenter/7.0-b
version/vmware vcenter/7.0-c
version/vmware vcenter/7.0-d
version/vmware vcenter/7.0-update1
version/vmware vcenter/7.0-update1a
version/vmware vcenter/7.0-update1c
version/vmware vcenter/7.0-update2
version/vmware vcenter/7.0-update2a
version/vmware vcenter/7.0-update2b
version/vmware vcenter/7.0-update2c
version/vmware vcenter/7.0-update2d
version/vmware vcenter/7.0-update3
version/vmware vcenter/7.0-update3a
version/vmware vcenter/7.0-update3c
version/vmware vcenter/7.0-update3d
version/vmware vcenter/7.0-update3e
version/vmware vcenter/7.0-update3f
version/vmware vcenter/7.0-update3g
version/vmware vcenter/7.0-update3h
canonical/vmware vcenter server and cloud foundation
version/vmware vcenter server and cloud foundation/3.0

CVE-2022-31697

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-31697?

How do I fix CVE-2022-31697?

What versions of VMware vCenter are affected by CVE-2022-31697?

What kind of vulnerability is CVE-2022-31697?

Who can exploit CVE-2022-31697?

Company

Resources

Contact