CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38831 – Local privilege escalation vulnerability (CVE-2024-38831)
https://notcve.org/view.php?id=CVE-2024-38831
26 Nov 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38830 – Local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-38830
26 Nov 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 • CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22235
https://notcve.org/view.php?id=CVE-2024-22235
21 Feb 2024 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. VMware Aria Operations contiene una vulnerabilidad de escalada de privilegios local. Un actor malicioso con acceso administrativo al sistema local puede escalar privilegios a "root". VMware Aria Operations contains a local privilege escalation vulnerability. • https://www.vmware.com/security/advisories/VMSA-2024-0004.html • CWE-269: Improper Privilege Management •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22241
https://notcve.org/view.php?id=CVE-2024-22241
06 Feb 2024 — Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. Aria Operations for Networks contiene una vulnerabilidad de cross-site scripting. Un actor malintencionado con privilegios de administrador puede inyectar un payload malicioso en el banner de inicio de sesión y apoderarse de la cuenta del usuario. Aria Operations for Networks contains a cross site scripting vul... • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22240
https://notcve.org/view.php?id=CVE-2024-22240
06 Feb 2024 — Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. Aria Operations for Networks contiene una vulnerabilidad de lectura de archivos locales. Un actor malintencionado con privilegios de administrador puede aprovechar esta vulnerabilidad y provocar acceso no autorizado a información confidencial. Aria Operations for Networks contains a local file read vulnerability... • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22239
https://notcve.org/view.php?id=CVE-2024-22239
06 Feb 2024 — Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. Aria Operations for Networks contiene una vulnerabilidad de escalada de privilegios local. Un usuario de consola con acceso a Aria Operations for Networks puede aprovechar esta vulnerabilidad para escalar privilegios y obtener acceso regular al shell. Aria Operations for Networks contai... • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0CVE-2024-22238
https://notcve.org/view.php?id=CVE-2024-22238
06 Feb 2024 — Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. Aria Operations for Networks contiene una vulnerabilidad de cross-site scripting. Un actor malicioso con privilegios de administrador puede inyectar código malicioso en las configuraciones del perfil de usuario debido a una sanitización de entrada inadecuada. Aria Operations for Networks c... • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22237
https://notcve.org/view.php?id=CVE-2024-22237
06 Feb 2024 — Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. Aria Operations for Networks contiene una vulnerabilidad de escalada de privilegios local. Un usuario de consola con acceso a Aria Operations for Networks puede aprovechar esta vulnerabilidad para escalar privilegios y obtener acceso raíz al sistema. Aria Operations for Networks co... • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 78%CPEs: 7EXPL: 1CVE-2023-34051
https://notcve.org/view.php?id=CVE-2023-34051
20 Oct 2023 — VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. VMware Aria Operations for Logs contiene una vulnerabilidad de omisión de autenticación. Un actor malicioso no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede resultar en la ejecución remota de código. VMware Aria Operations for Lo... • https://github.com/horizon3ai/CVE-2023-34051 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34052
https://notcve.org/view.php?id=CVE-2023-34052
20 Oct 2023 — VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass. VMware Aria Operations for Logs contiene una vulnerabilidad de deserialización. Un actor malintencionado con acceso no administrativo al sistema local puede desencadenar la deserialización de datos, lo que podría provocar una omisión de autenticación. VMware Aria Operations for Logs ... • https://www.vmware.com/security/advisories/VMSA-2023-0021.html • CWE-502: Deserialization of Untrusted Data •