VMware Aria Operations (formerly VMware vRealize Operations) automates and simplifies IT management with full-stack visibility from physical, virtual and cloud infrastructure including Virtual Machines (VMs) and containers to the applications they support. In this article, we shall discuss how to remediate “VMSA-2022-0026: An arbitrary file read vulnerability in VMware Aria Operations”. Learn about this event “Veeam at Microsoft Ignite 2022 from 12-14 October“.

VMware Aria Operations delivers continuous performance optimisation, efficient capacity and cost management, proactive planning, intelligent remediation and integrated compliance. It is available on-premises and as-a-service. Kindly refer to these related guides: How To Deploy Azure VMware Solution Private Cloud, What are the differences between vSphere, ESXi and vCenter, and How to extend a VM’s Hard Disk on VMware Workstation.

An arbitrary file read vulnerability in VMware Aria Operations was privately reported by Yu Dai of NSFOCUS TIANJI Lab to VMware. There are updates (patches) to remediate these vulnerabilities in the affected VMware products.

What Exploit Does this Vulnerability Present?

A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.

Here are some more related guides: Boot failure: How to fix EFI network timeout on VMware Workstation. Also, see How to solve VMware workstation .lck error.

Remediation to VMSA-2022-0026: An arbitrary file read vulnerability

To remediate CVE-2022-31682, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
Aria Operations	8.x	Any	CVE-2022-31682	4.9	Moderate	8.10	N/A	N/A

I hope you found this blog post on “VMSA-2022-0026: An arbitrary file read vulnerability in VMware Aria Operations” helpful. If you have any questions, please let me know in the comment session.