Security News > 2023 > June > VMware fixes critical vulnerabilities in vRealize network analytics tool
VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information.
Previously known as vRealize Network Insight, this network visibility and analytics tool helps admins optimize network performance or manage and scale various VMware and Kubernetes deployments.
"A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution," Vmware says.
WMware says no workarounds are available to remove the attack vector, so admins must patch all VMware Aria Operations Networks 6.x on-prem installations to secure them against attacks.
In April, VMware also addressed a critical bug that let attackers run code as root in the vRealize Log Insight log analysis tool.
Months earlier, Horizon3's Attack Team released proof-of-concept exploit code for another series of critical security flaws in the same VMware product patched one week earlier.
News URL
Related news
- Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) (source)
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)