Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-20877
HistoryMay 12, 2023 - 9:15 p.m.

CVE-2023-20877

2023-05-1221:15:09
[email protected]
web.nvd.nist.gov
6
vmware
aria operations
privilege escalation
vulnerability
authenticated
malicious user
code execution
readonly privileges

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.001

Percentile

42.6%

JSON

VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.

Affected configurations

Nvd
Node
vmwarecloud_foundationRange4.04.5
OR
vmwarevrealize_operationsMatch8.6.0-
OR
vmwarevrealize_operationsMatch8.6.0hotfix1
OR
vmwarevrealize_operationsMatch8.6.0hotfix2
OR
vmwarevrealize_operationsMatch8.6.0hotfix4
OR
vmwarevrealize_operationsMatch8.6.0hotfix5
OR
vmwarevrealize_operationsMatch8.6.0hotfix6
OR
vmwarevrealize_operationsMatch8.6.0hotfix8
OR
vmwarevrealize_operationsMatch8.6.0hotfix9
OR
vmwarevrealize_operationsMatch8.10.0-
OR
vmwarevrealize_operationsMatch8.10.0hotfix1
OR
vmwarevrealize_operationsMatch8.10.0hotfix2
VendorProductVersionCPE
vmwarecloud_foundation*cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
vmwarevrealize_operations8.6.0cpe:2.3:a:vmware:vrealize_operations:8.6.0:-:*:*:*:*:*:*
vmwarevrealize_operations8.6.0cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix1:*:*:*:*:*:*
vmwarevrealize_operations8.6.0cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix2:*:*:*:*:*:*
vmwarevrealize_operations8.6.0cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix4:*:*:*:*:*:*
vmwarevrealize_operations8.6.0cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix5:*:*:*:*:*:*
vmwarevrealize_operations8.6.0cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix6:*:*:*:*:*:*
vmwarevrealize_operations8.6.0cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix8:*:*:*:*:*:*
vmwarevrealize_operations8.6.0cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix9:*:*:*:*:*:*
vmwarevrealize_operations8.10.0cpe:2.3:a:vmware:vrealize_operations:8.10.0:-:*:*:*:*:*:*
Rows per page:
1-10 of 121

Related

prion 1
cve 1
cvelist 1
thn 1
vmware 1
nessus 1
prion
prion
Privilege escalation
2023-05-12 21:15:00
cve
cve
CVE-2023-20877
2023-05-12 21:15:09
cvelist
cvelist
CVE-2023-20877
2023-05-12 00:00:00
thn
thn
Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground
2023-07-18 10:54:00
vmware
vmware
VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue (CVE-2023-20877, CVE-2023-20878, CVE-2023-20879, CVE-2023-20880)
2023-05-11 00:00:00
nessus
nessus
VMware vRealize Operations Multiple Vulnerabilities (VMSA-2023-0009)
2023-05-18 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.001

Percentile

42.6%

JSON
Related for NVD:CVE-2023-20877
prion1cve1cvelist1thn1vmware1nessus1