Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vrealize_operations
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-12 | CVE-2023-20877 | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | Cloud_foundation, Vrealize_operations | 8.8 | ||
| 2023-05-12 | CVE-2023-20878 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | Cloud_foundation, Vrealize_operations | 7.2 | ||
| 2023-05-12 | CVE-2023-20879 | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | Cloud_foundation, Vrealize_operations | 6.7 | ||
| 2020-02-19 | CVE-2020-3943 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. | Vrealize_operations | 9.8 | ||
| 2020-02-19 | CVE-2020-3944 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication. | Vrealize_operations | 8.6 | ||
| 2020-02-19 | CVE-2020-3945 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information | Vrealize_operations | 7.5 | ||
| 2021-10-13 | CVE-2021-22033 | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | Cloud_foundation, Vrealize_operations, Vrealize_suite_lifecycle_manager | 2.7 | ||
| 2022-08-10 | CVE-2022-31672 | VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. | Vrealize_operations | 7.2 | ||
| 2022-08-10 | CVE-2022-31673 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution. | Vrealize_operations | 8.8 | ||
| 2022-08-10 | CVE-2022-31674 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. | Vrealize_operations | 4.3 |