CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20877
https://notcve.org/view.php?id=CVE-2023-20877
12 May 2023 — VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20878
https://notcve.org/view.php?id=CVE-2023-20878
12 May 2023 — VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20879
https://notcve.org/view.php?id=CVE-2023-20879
12 May 2023 — VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. • https://www.vmware.com/security/advisories/VMSA-2023-0009.html •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20856
https://notcve.org/view.php?id=CVE-2023-20856
01 Feb 2023 — VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. • https://www.vmware.com/security/advisories/VMSA-2023-0002.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31707 – VMware vRealize Operations CaSA Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31707
16 Dec 2022 — vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. vRealize Operations (vROps) contiene una vulnerabilidad de escalada de privilegios. VMware ha evaluado la gravedad de este problema en el rango de gravedad Importante con una puntuación base CVSSv3 máxima de 7.2. This vulnerability allows remote attackers to escalate privileges on affected installations of VM... • https://www.vmware.com/security/advisories/VMSA-2022-0034.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31708 – VMware vRealize Operations CaSA Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31708
16 Dec 2022 — vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Operations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the config... • https://www.vmware.com/security/advisories/VMSA-2022-0034.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31682
https://notcve.org/view.php?id=CVE-2022-31682
11 Oct 2022 — VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. VMware Aria Operations contiene una vulnerabilidad de lectura arbitraria de archivos. Un actor malicioso privilegiado administrativos puede ser capaz de leer archivos arbitrarios que contengan datos confidenciales • https://www.vmware.com/security/advisories/VMSA-2022-0026.html •
CVSS: 9.0EPSS: 6%CPEs: 1EXPL: 0CVE-2022-31673
https://notcve.org/view.php?id=CVE-2022-31673
09 Aug 2022 — VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution. VMware vRealize Operations contiene una vulnerabilidad de divulgación de información. Un actor malicioso poco privilegiado y acceso a la red puede crear y filtrar volcados hexadecimales, conllevando a una divulgación de información. • https://www.vmware.com/security/advisories/VMSA-2022-0022.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31674
https://notcve.org/view.php?id=CVE-2022-31674
09 Aug 2022 — VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. VMware vRealize Operations contiene una vulnerabilidad de divulgación de información. Un actor malicioso poco privilegiado y acceso a la red puede acceder a archivos de registro conllevando a una divulgación de información • https://www.vmware.com/security/advisories/VMSA-2022-0022.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31675
https://notcve.org/view.php?id=CVE-2022-31675
09 Aug 2022 — VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. VMware vRealize Operations contiene una vulnerabilidad de omisión de autenticación. Un actor malicioso no autenticado con acceso a la red puede ser capaz de crear un usuario con privilegios administrativos • https://www.vmware.com/security/advisories/VMSA-2022-0022.html •