Vulnerabilities > CVE-2024-38834 - Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

vmware

NVD

Published: 2024-11-26

Updated: 2025-05-14

Summary

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Cloud Foundation 4.0 Vmware Cloud Foundation 4.0.1 Vmware Cloud Foundation 4.1 Vmware Cloud Foundation 4.1.0.1 Vmware Cloud Foundation 4.2 Vmware Cloud Foundation 4.2.1 Vmware Cloud Foundation 4.3 Vmware Cloud Foundation 4.3.1 Vmware Cloud Foundation 4.3.11 Vmware Cloud Foundation 4.4 Vmware Cloud Foundation 4.4.1 Vmware Cloud Foundation 4.4.1.1 Vmware Cloud Foundation 4.5 Vmware Cloud Foundation 4.5.1 Vmware Cloud Foundation 4.5.2 Vmware Cloud Foundation 5.0 Vmware Cloud Foundation 5.1 Vmware Cloud Foundation 5.1.1 Vmware Aria Operations 8.6.0 Vmware Aria Operations 8.10.0 Vmware Aria Operations 8.12.0 Vmware Aria Operations 8.14.0 Vmware Aria Operations 8.16.0	28

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199