3 results (0.004 seconds)

CVSS: 7.5EPSS: 11%CPEs: 1EXPL: 0

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportPDF method. The issue results from the lack of proper validation of a user-supplied string before using it to execute JavaScript code. • https://www.vmware.com/security/advisories/VMSA-2023-0012.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 20%CPEs: 1EXPL: 0

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNotifiedEvents method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.vmware.com/security/advisories/VMSA-2023-0012.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. vRealize Network Insight (vRNI) contiene una vulnerabilidad de inyección de comandos presente en la API REST de vRNI. Un actor malintencionado con acceso a la red de la API REST de vRNI puede ejecutar comandos sin autenticación. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Network Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createSupportBundle function. • https://www.vmware.com/security/advisories/VMSA-2022-0031.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •