Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vrealize_operations
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-10 | CVE-2022-31675 | VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. | Vrealize_operations | 7.5 | ||
| 2022-10-11 | CVE-2022-31682 | VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. | Vrealize_operations | 4.9 | ||
| 2022-12-16 | CVE-2022-31707 | vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | Vrealize_operations | 7.2 | ||
| 2022-12-16 | CVE-2022-31708 | vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | Vrealize_operations | 4.9 | ||
| 2023-02-01 | CVE-2023-20856 | VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | Vrealize_operations | 8.8 | ||
| 2018-12-18 | CVE-2018-6978 | vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine. | Vrealize_operations | 6.7 | ||
| 2016-12-29 | CVE-2016-7462 | The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. | Vrealize_operations | 8.5 | ||
| 2016-12-29 | CVE-2016-7457 | VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. | Vrealize_operations | 10.0 |