CVE-2023-20888

2023-06-0714:18:41

vmware

www.cve.org

cve-2023-20888

authenticated deserialization vulnerability

remote code execution

network access

vmware aria operations

AI Score

9.5

Confidence

High

EPSS

0.248

Percentile

96.7%

JSON

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid ‘member’ role credentials may be able to perform a deserialization attack resulting in remote code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aria Operations for Networks (Formerly vRealize Network Insight)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Aria Operations for Networks (Formerly vRealize Network Insight) 6.x"
      }
    ]
  }
]