Описание
Azure Site Recovery Information Disclosure Vulnerability
FAQ
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability? You can follow the steps here to update to version 9.48.
According to the CVSS metric, privileges required is high (PR:H). What privileges does an attacker require to exploit this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server.
What type of information could be disclosed by this vulnerability?
This vulnerability could allow disclosure of accounts and user table data, including encrypted credentials.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Site Recovery VMWare to Azure |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
4.9 Medium
CVSS3
Связанные уязвимости
Azure Site Recovery Information Disclosure Vulnerability
Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26896.
Уязвимость средства аварийного восстановления Azure Site Recovery, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
4.9 Medium
CVSS3