VYPR

Vrealize Operations

by VMware

CVEs (13)

  • CVE-2016-7457CriDec 29, 2016
    risk 0.65cvss 10.0epss 0.03

    VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

  • CVE-2023-20856HigFeb 1, 2023
    risk 0.57cvss 8.8epss 0.00

    VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.

  • CVE-2022-31673HigAug 10, 2022
    risk 0.57cvss 8.8epss 0.01

    VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.

  • CVE-2016-7462HigDec 29, 2016
    risk 0.55cvss 8.5epss 0.02

    The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

  • CVE-2017-4946HigJan 5, 2018
    risk 0.51cvss 7.8epss 0.01

    The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.

  • CVE-2022-31675HigAug 10, 2022
    risk 0.49cvss 7.5epss 0.01

    VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.

  • CVE-2015-6934HigDec 21, 2015
    risk 0.48cvss 7.3epss 0.05

    Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java…

  • CVE-2022-31707HigDec 16, 2022
    risk 0.47cvss 7.2epss 0.01

    vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

  • CVE-2022-31672HigAug 10, 2022
    risk 0.47cvss 7.2epss 0.01

    VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.

  • CVE-2018-6978MedDec 18, 2018
    risk 0.44cvss 6.7epss 0.00

    vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this…

  • CVE-2022-31708MedDec 16, 2022
    risk 0.32cvss 4.9epss 0.01

    vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.

  • CVE-2022-31674MedAug 10, 2022
    risk 0.28cvss 4.3epss 0.01

    VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.

  • CVE-2021-22033LowOct 13, 2021
    risk 0.18cvss 2.7epss 0.01

    Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.