CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31682
https://notcve.org/view.php?id=CVE-2022-31682
11 Oct 2022 — VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. VMware Aria Operations contiene una vulnerabilidad de lectura arbitraria de archivos. Un actor malicioso privilegiado administrativos puede ser capaz de leer archivos arbitrarios que contengan datos confidenciales • https://www.vmware.com/security/advisories/VMSA-2022-0026.html •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31673
https://notcve.org/view.php?id=CVE-2022-31673
09 Aug 2022 — VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution. VMware vRealize Operations contiene una vulnerabilidad de divulgación de información. Un actor malicioso poco privilegiado y acceso a la red puede crear y filtrar volcados hexadecimales, conllevando a una divulgación de información. • https://www.vmware.com/security/advisories/VMSA-2022-0022.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31674
https://notcve.org/view.php?id=CVE-2022-31674
09 Aug 2022 — VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. VMware vRealize Operations contiene una vulnerabilidad de divulgación de información. Un actor malicioso poco privilegiado y acceso a la red puede acceder a archivos de registro conllevando a una divulgación de información • https://www.vmware.com/security/advisories/VMSA-2022-0022.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31675
https://notcve.org/view.php?id=CVE-2022-31675
09 Aug 2022 — VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. VMware vRealize Operations contiene una vulnerabilidad de omisión de autenticación. Un actor malicioso no autenticado con acceso a la red puede ser capaz de crear un usuario con privilegios administrativos • https://www.vmware.com/security/advisories/VMSA-2022-0022.html •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31672
https://notcve.org/view.php?id=CVE-2022-31672
09 Aug 2022 — VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. VMware vRealize Operations contiene una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso administrativo a la red puede escalar los privilegios a root • https://www.vmware.com/security/advisories/VMSA-2022-0022.html •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22033
https://notcve.org/view.php?id=CVE-2021-22033
13 Oct 2021 — Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Las versiones anteriores a VMware vRealize Operations versión 8.6, contienen una vulnerabilidad de tipo Server Side Request Forgery (SSRF) • https://www.vmware.com/security/advisories/VMSA-2021-0021.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2018-6978 – VMware Security Advisory 2018-0031
https://notcve.org/view.php?id=CVE-2018-6978
18 Dec 2018 — vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine. vRealize Operations (versiones 7.x anteriores a la 7.0.0.11287810, 6.7.x anteriores... • http://www.securityfocus.com/bid/106242 • CWE-732: Incorrect Permission Assignment for Critical Resource •