VYPR

Aria Operations

by VMware

CVEs (24)

  • CVE-2023-20887CriKEVJun 7, 2023
    risk 0.87cvss 9.8epss 0.98

    Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

  • CVE-2023-34039CriAug 29, 2023
    risk 0.72cvss 9.8epss 0.64

    Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for…

  • CVE-2023-20888HigJun 7, 2023
    risk 0.64cvss 8.8epss 0.82

    Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code…

  • CVE-2023-20877HigMay 12, 2023
    risk 0.57cvss 8.8epss 0.01

    VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.

  • CVE-2023-20889HigJun 7, 2023
    risk 0.55cvss 7.5epss 0.79

    Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

  • CVE-2026-41724HigJun 8, 2026
    risk 0.52cvss 8.0epss 0.00

    VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.

  • CVE-2025-22231HigApr 1, 2025
    risk 0.51cvss 7.8epss 0.00

    VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

  • CVE-2024-38831HigNov 26, 2024
    risk 0.51cvss 7.8epss 0.00

    VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.

  • CVE-2024-38830HigNov 26, 2024
    risk 0.51cvss 7.8epss 0.00

    VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

  • CVE-2025-22222HigJan 30, 2025
    risk 0.50cvss 7.7epss 0.01

    VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

  • CVE-2023-20890HigAug 29, 2023
    risk 0.49cvss 7.2epss 0.22

    Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

  • CVE-2023-20878HigMay 12, 2023
    risk 0.47cvss 7.2epss 0.01

    VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.

  • CVE-2024-38832HigNov 26, 2024
    risk 0.46cvss 7.1epss 0.00

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

  • CVE-2024-38833MedNov 26, 2024
    risk 0.44cvss 6.8epss 0.00

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

  • CVE-2024-22235MedFeb 21, 2024
    risk 0.44cvss 6.7epss 0.00

    VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

  • CVE-2023-34043MedSep 27, 2023
    risk 0.44cvss 6.7epss 0.00

    VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

  • CVE-2023-20880MedMay 12, 2023
    risk 0.44cvss 6.7epss 0.00

    VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

  • CVE-2023-20879MedMay 12, 2023
    risk 0.44cvss 6.7epss 0.00

    VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.

  • CVE-2024-38834MedNov 26, 2024
    risk 0.42cvss 6.5epss 0.00

    VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

  • CVE-2022-31682MedOct 11, 2022
    risk 0.32cvss 4.9epss 0.01

    VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.

Page 1 of 2