VMware has released security updates to fix three vulnerabilities in Aria Operations for Networks which could result in information disclosure and remote code execution.

The vulnerabilities were found in Aria Operations for Networks, which was formerly known as vRealize Network Insight.

Users of VMware Aria Operations for Networks 6.x versions are advised to apply the patches listed in the VMware KB article about these vulnerabilities.

Before you download and apply the security patch for your Aria Operations for Networks deployment, it is advised to perform a cleanup using the steps mentioned in VMware KB 88977 to avoid the patch upgrade failing with an "Insufficient disk space" toast message.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in these updates are:

CVE-2023-20887 (CVSS score: 9.8 out of 10): Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution (RCE).

CVE-2023-20888 (CVSS score: 9.1 out of 10): Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution (RCE).

CVE-2023-20889 (CVSS score: 8.8 out of 10): Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

Command injection is an attack method that aims to execute arbitrary commands on a system.