Vrealize Operations
by VMware
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7457 | Cri | 0.65 | 10.0 | 0.03 | Dec 29, 2016 | VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. | ||
| CVE-2023-20856 | Hig | 0.57 | 8.8 | 0.00 | Feb 1, 2023 | VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | ||
| CVE-2022-31673 | Hig | 0.57 | 8.8 | 0.01 | Aug 10, 2022 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution. | ||
| CVE-2016-7462 | Hig | 0.55 | 8.5 | 0.02 | Dec 29, 2016 | The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. | ||
| CVE-2017-4946 | Hig | 0.51 | 7.8 | 0.01 | Jan 5, 2018 | The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM. | ||
| CVE-2022-31675 | Hig | 0.49 | 7.5 | 0.01 | Aug 10, 2022 | VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. | ||
| CVE-2015-6934 | Hig | 0.48 | 7.3 | 0.05 | Dec 21, 2015 | Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java… | ||
| CVE-2022-31707 | Hig | 0.47 | 7.2 | 0.01 | Dec 16, 2022 | vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | ||
| CVE-2022-31672 | Hig | 0.47 | 7.2 | 0.01 | Aug 10, 2022 | VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. | ||
| CVE-2018-6978 | Med | 0.44 | 6.7 | 0.00 | Dec 18, 2018 | vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this… | ||
| CVE-2022-31708 | Med | 0.32 | 4.9 | 0.01 | Dec 16, 2022 | vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | ||
| CVE-2022-31674 | Med | 0.28 | 4.3 | 0.01 | Aug 10, 2022 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. | ||
| CVE-2021-22033 | Low | 0.18 | 2.7 | 0.01 | Oct 13, 2021 | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. |
- risk 0.65cvss 10.0epss 0.03
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
- risk 0.57cvss 8.8epss 0.00
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
- risk 0.57cvss 8.8epss 0.01
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
- risk 0.55cvss 8.5epss 0.02
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.
- risk 0.51cvss 7.8epss 0.01
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
- risk 0.49cvss 7.5epss 0.01
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
- risk 0.48cvss 7.3epss 0.05
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java…
- risk 0.47cvss 7.2epss 0.01
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
- risk 0.47cvss 7.2epss 0.01
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
- risk 0.44cvss 6.7epss 0.00
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this…
- risk 0.32cvss 4.9epss 0.01
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
- risk 0.28cvss 4.3epss 0.01
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
- risk 0.18cvss 2.7epss 0.01
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.