Aria Operations
by VMware
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-20887 | Cri | 0.87 | 9.8 | 0.98 | KEV | Jun 7, 2023 | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. | |
| CVE-2023-34039 | Cri | 0.72 | 9.8 | 0.64 | Aug 29, 2023 | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for… | ||
| CVE-2023-20888 | Hig | 0.64 | 8.8 | 0.82 | Jun 7, 2023 | Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code… | ||
| CVE-2023-20877 | Hig | 0.57 | 8.8 | 0.01 | May 12, 2023 | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | ||
| CVE-2023-20889 | Hig | 0.55 | 7.5 | 0.79 | Jun 7, 2023 | Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | ||
| CVE-2026-41724 | Hig | 0.52 | 8.0 | 0.00 | Jun 8, 2026 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. | ||
| CVE-2025-22231 | Hig | 0.51 | 7.8 | 0.00 | Apr 1, 2025 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. | ||
| CVE-2024-38831 | Hig | 0.51 | 7.8 | 0.00 | Nov 26, 2024 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. | ||
| CVE-2024-38830 | Hig | 0.51 | 7.8 | 0.00 | Nov 26, 2024 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. | ||
| CVE-2025-22222 | Hig | 0.50 | 7.7 | 0.01 | Jan 30, 2025 | VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. | ||
| CVE-2023-20890 | Hig | 0.49 | 7.2 | 0.22 | Aug 29, 2023 | Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | ||
| CVE-2023-20878 | Hig | 0.47 | 7.2 | 0.01 | May 12, 2023 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | ||
| CVE-2024-38832 | Hig | 0.46 | 7.1 | 0.00 | Nov 26, 2024 | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||
| CVE-2024-38833 | Med | 0.44 | 6.8 | 0.00 | Nov 26, 2024 | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||
| CVE-2024-22235 | Med | 0.44 | 6.7 | 0.00 | Feb 21, 2024 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | ||
| CVE-2023-34043 | Med | 0.44 | 6.7 | 0.00 | Sep 27, 2023 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | ||
| CVE-2023-20880 | Med | 0.44 | 6.7 | 0.00 | May 12, 2023 | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | ||
| CVE-2023-20879 | Med | 0.44 | 6.7 | 0.00 | May 12, 2023 | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | ||
| CVE-2024-38834 | Med | 0.42 | 6.5 | 0.00 | Nov 26, 2024 | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||
| CVE-2022-31682 | Med | 0.32 | 4.9 | 0.01 | Oct 11, 2022 | VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. |
- risk 0.87cvss 9.8epss 0.98
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
- risk 0.72cvss 9.8epss 0.64
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for…
- risk 0.64cvss 8.8epss 0.82
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code…
- risk 0.57cvss 8.8epss 0.01
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
- risk 0.55cvss 7.5epss 0.79
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
- risk 0.52cvss 8.0epss 0.00
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
- risk 0.51cvss 7.8epss 0.00
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.
- risk 0.51cvss 7.8epss 0.00
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
- risk 0.51cvss 7.8epss 0.00
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
- risk 0.50cvss 7.7epss 0.01
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.
- risk 0.49cvss 7.2epss 0.22
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
- risk 0.47cvss 7.2epss 0.01
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
- risk 0.46cvss 7.1epss 0.00
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
- risk 0.44cvss 6.8epss 0.00
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
- risk 0.44cvss 6.7epss 0.00
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
- risk 0.44cvss 6.7epss 0.00
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
- risk 0.44cvss 6.7epss 0.00
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
- risk 0.44cvss 6.7epss 0.00
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
- risk 0.42cvss 6.5epss 0.00
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
- risk 0.32cvss 4.9epss 0.01
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
Page 1 of 2