CVE-2024-22241
https://notcve.org/view.php?id=CVE-2024-22241
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. Aria Operations for Networks contiene una vulnerabilidad de cross-site scripting. Un actor malintencionado con privilegios de administrador puede inyectar un payload malicioso en el banner de inicio de sesión y apoderarse de la cuenta del usuario. • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-22240
https://notcve.org/view.php?id=CVE-2024-22240
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. Aria Operations for Networks contiene una vulnerabilidad de lectura de archivos locales. Un actor malintencionado con privilegios de administrador puede aprovechar esta vulnerabilidad y provocar acceso no autorizado a información confidencial. • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-22239
https://notcve.org/view.php?id=CVE-2024-22239
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. Aria Operations for Networks contiene una vulnerabilidad de escalada de privilegios local. Un usuario de consola con acceso a Aria Operations for Networks puede aprovechar esta vulnerabilidad para escalar privilegios y obtener acceso regular al shell. • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-269: Improper Privilege Management •
CVE-2024-22238
https://notcve.org/view.php?id=CVE-2024-22238
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. Aria Operations for Networks contiene una vulnerabilidad de cross-site scripting. Un actor malicioso con privilegios de administrador puede inyectar código malicioso en las configuraciones del perfil de usuario debido a una sanitización de entrada inadecuada. • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-22237
https://notcve.org/view.php?id=CVE-2024-22237
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. Aria Operations for Networks contiene una vulnerabilidad de escalada de privilegios local. Un usuario de consola con acceso a Aria Operations for Networks puede aprovechar esta vulnerabilidad para escalar privilegios y obtener acceso raíz al sistema. • https://www.vmware.com/security/advisories/VMSA-2024-0002.html • CWE-269: Improper Privilege Management •