#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(300235);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");
script_cve_id("CVE-2026-22719", "CVE-2026-22720", "CVE-2026-22721");
script_xref(name:"VMSA", value:"2026-0001");
script_xref(name:"IAVA", value:"2026-A-0178");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/03/24");
script_name(english:"VMWare Aria Operations 8.x < 8.18.6 Multiple Vulnerabilities (VMSA-2026-0001)");
script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the instance of VMWare Aria Operations (formerly vRealize Operations) running on the remote web
server is 8.x < 8.18.6. It is, therefore, affected by the following:
- VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this
issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while
support-assisted product migration is in progress. (CVE-2026-22719)
- VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to
create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.
(CVE-2026-22720)
- VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to
access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations.
(CVE-2026-22721)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03f82522");
script_set_attribute(attribute:"solution", value:
"Upgrade to VMWare Aria Operations 8.18.6.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-22720");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/02/24");
script_set_attribute(attribute:"patch_publication_date", value:"2026/02/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/02");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vrealize_operations");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:aria_operations");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("vmware_vrealize_operations_manager_webui_detect.nbin");
script_require_keys("installed_sw/vRealize Operations Manager");
script_require_ports("Services/www", 443);
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'checks': [
{
'product': {'name': 'vRealize Operations Manager', 'type': 'app'},
'check_algorithm': 'default',
'constraints' : [
{'min_version':'8.0', 'fixed_version': '8.18.6'}
]
}
]
};
var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation