
VMSA-2022-0026: An arbitrary file read vulnerability in VMware Aria Operations


VMware Aria Operations (formerly VMware vRealize Operations) automates and simplifies IT management with full-stack visibility from physical, virtual and cloud infrastructure including Virtual Machines (VMs) and containers to the applications they support. It delivers continuous performance optimisation, efficient capacity and cost management, proactive planning, intelligent remediation and integrated compliance. It is available on-premises and as-a-service. Kindly refer to these related guides: How To Deploy Azure VMware Solution Private Cloud, What are the differences between vSphere, ESXi and vCenter, and How to extend a VM’s Hard Disk on VMware Workstation.

An arbitrary file read vulnerability in VMware Aria Operations was privately reported to VMware by Yu Dai of NSFOCUS TIANJI Lab. Updates (patches) are available to remediate this vulnerability in the affected VMware products. Learn about this event: “Veeam at Microsoft Ignite 2022 from 12-14 October”.

What Exploit does this Vulnerability Present?

A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. Here are some more related guides: Boot failure: How to fix EFI network timeout on VMware Workstation, and How to solve VMware workstation .lck error.


To remediate CVE-2022-31682, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Aria Operations | 8.x | Any | CVE-2022-31682 | 4.9 | Moderate | 8.10 | N/A | N/A |

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
