Lucene search
K

VMWare Aria Operations 8.x < 8.18.6 Multiple Vulnerabilities (VMSA-2026-0001)

🗓️ 02 Mar 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 1 Views

VMware Aria Operations 8.x to 8.18.6 has command injection, XSS, and privilege escalation flaws.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(300235);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2026-22719", "CVE-2026-22720", "CVE-2026-22721");
  script_xref(name:"VMSA", value:"2026-0001");
  script_xref(name:"IAVA", value:"2026-A-0178");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/03/24");

  script_name(english:"VMWare Aria Operations 8.x < 8.18.6 Multiple Vulnerabilities (VMSA-2026-0001)");

  script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the instance of VMWare Aria Operations (formerly vRealize Operations) running on the remote web
server is 8.x < 8.18.6. It is, therefore, affected by the following:

  - VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this
    issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while
    support-assisted product migration is in progress. (CVE-2026-22719)
  
  - VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to
    create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.
    (CVE-2026-22720)

  - VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to
    access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations.
    (CVE-2026-22721)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03f82522");
  script_set_attribute(attribute:"solution", value:
"Upgrade to VMWare Aria Operations 8.18.6.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-22720");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/02/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vrealize_operations");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:aria_operations");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_vrealize_operations_manager_webui_detect.nbin");
  script_require_keys("installed_sw/vRealize Operations Manager");
  script_require_ports("Services/www", 443);

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'vRealize Operations Manager', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints' : [
        {'min_version':'8.0', 'fixed_version': '8.18.6'}
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2026 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 3.18.1 - 9
EPSS0.17424
SSVC
1