Security News > 2023 > June > VMware fixes critical vulnerabilities in vRealize network analytics tool

VMware fixes critical vulnerabilities in vRealize network analytics tool
2023-06-07 15:09

VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information.

Previously known as vRealize Network Insight, this network visibility and analytics tool helps admins optimize network performance or manage and scale various VMware and Kubernetes deployments.

"A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution," Vmware says.

WMware says no workarounds are available to remove the attack vector, so admins must patch all VMware Aria Operations Networks 6.x on-prem installations to secure them against attacks.

In April, VMware also addressed a critical bug that let attackers run code as root in the vRealize Log Insight log analysis tool.

Months earlier, Horizon3's Attack Team released proof-of-concept exploit code for another series of critical security flaws in the same VMware product patched one week earlier.


News URL

https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vulnerabilities-in-vrealize-network-analytics-tool/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591