Product:

Vrealize_operations

(Vmware)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2022-12-16 CVE-2022-31708 vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. Vrealize_operations 4.9
2023-02-01 CVE-2023-20856 VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. Vrealize_operations 8.8
2023-05-12 CVE-2023-20877 VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. Cloud_foundation, Vrealize_operations 8.8
2023-05-12 CVE-2023-20878 VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. Cloud_foundation, Vrealize_operations 7.2
2023-05-12 CVE-2023-20879 VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. Cloud_foundation, Vrealize_operations 6.7
2018-12-18 CVE-2018-6978 vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine. Vrealize_operations 6.7
2016-12-29 CVE-2016-7462 The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. Vrealize_operations 8.5
2016-12-29 CVE-2016-7457 VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. Vrealize_operations 10.0