Vulnerabilities > CVE-2024-22240 - Files or Directories Accessible to External Parties vulnerability in VMWare Aria Operations for Networks

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

CWE-552

NVD

Published: 2024-02-06

Updated: 2024-02-10

Summary

Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Aria Operations FOR Networks 6.2.0 Vmware Aria Operations FOR Networks 6.3.0 Vmware Aria Operations FOR Networks 6.4.0 Vmware Aria Operations FOR Networks 6.5.0 Vmware Aria Operations FOR Networks 6.6.0 Vmware Aria Operations FOR Networks 6.7.0 Vmware Aria Operations FOR Networks 6.8.0 Vmware Aria Operations FOR Networks 6.9.0 Vmware Aria Operations FOR Networks 6.10.0 Vmware Aria Operations FOR Networks 6.11.0	10

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://www.vmware.com/security/advisories/VMSA-2024-0002.html