Vulnerabilities > Vmware > Aria Operations FOR Networks

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-22237 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
local
low complexity
vmware CWE-269
7.8
2024-02-06 CVE-2024-22238 Cross-site Scripting vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
network
low complexity
vmware CWE-79
4.8
2024-02-06 CVE-2024-22239 Improper Privilege Management vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
local
low complexity
vmware CWE-269
7.8
2024-02-06 CVE-2024-22240 Files or Directories Accessible to External Parties vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
network
low complexity
vmware CWE-552
4.9
2024-02-06 CVE-2024-22241 Cross-site Scripting vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
network
low complexity
vmware CWE-79
4.8
2023-08-29 CVE-2023-20890 Path Traversal vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
network
low complexity
vmware CWE-22
7.2
2023-08-29 CVE-2023-34039 Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
network
low complexity
vmware CWE-327
critical
9.8
2023-06-07 CVE-2023-20887 Command Injection vulnerability in VMWare Aria Operations for Networks
Aria Operations for Networks contains a command injection vulnerability.
network
low complexity
vmware CWE-77
critical
9.8