CVE-2022-31697 Information

Description

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

Reference

https://www.vmware.com/security/advisories/VMSA-2022-0030.html