CVE-2025-22221

CVE-2025-22221 affects VMware Aria Operations for Logs. The stored cross-site scripting vulnerability can be triggered by a malicious actor with admin privileges to VMware Aria Operations for Logs, allowing injection of a script that could execute in a victim’s browser during a delete action in t...

CVE-2025-22220 VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user...

CVE-2025-22220

CVE-2025-22220 affects VMware Aria Operations for Logs. A privilege-escalation vulnerability allows a malicious actor with non-administrative privileges and network access to the Aria Operations for Logs API to perform certain operations in the context of an admin user. The issue is part of a set...

CVE-2025-22220 VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user...

CVE-2025-22219 VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219)

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that can perform stored cross-site scripting may lead to arbitrary operations as admin user...

CVE-2025-22219

VMware Aria Operations for Logs is affected by CVE-2025-22219 (stored cross-site scripting). According to the sources, a malicious actor with non-administrative privileges can inject scripts that may lead to arbitrary admin actions. Remediation is available in the fixed version 8.18.3 for Aria Op...

CVE-2025-22219 VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219)

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that can perform stored cross-site scripting may lead to arbitrary operations as admin user...

CVE-2025-22218

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attack, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a special...

CVE-2025-22218

CVE-2025-22218 (information disclosure) and CVE-2025-22219/22220/22221/22222 (XSS, broken access, and credentials leaks) affect VMware Aria Operations for Logs and related products. The Broadcom VMSA-2025-0003 advisory and VMware/ Broadcom release notes confirm multiple issues: CVE-2025-22218 all...

CVE-2025-22218 VMware Aria Operations for Logs information disclosure vulnerability

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...

CVE-2025-22218 VMware Aria Operations for Logs information disclosure vulnerability

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...

Security Bulletin: Vulnerability in VMware Tanzu Spring Security affects watsonx.data

Summary VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38810 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, caused by missin...

VMSA-2025-0003: VMware Aria Operations for Logs and VMware Aria Operations updates address multiple vulnerabilities (CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221 and CVE-2025-22222)

Advisory ID: | VMSA-2025-0003 ---|--- Advisory Severity: | Important CVSSv3 Range: | 5.2-8.5 Synopsis: | VMware Aria Operations for Logs and VMware Aria Operations updates address multiple vulnerabilities CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, CVE-2025-22222 Issue date: |...

VMware Aria Operations for Logs 安全漏洞

VMware Aria Operations for Logs is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware Aria Operations for Logs. An attacker can exploit this vulnerability to inject malicious scripts...

VMware Aria Operations for Logs 安全漏洞

VMware Aria Operations for Logs is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware Aria Operations for Logs. An attacker can exploit this vulnerability to inject malicious scripts...

VMware Aria Operations for Logs 安全漏洞

VMware Aria Operations for Logs is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware Aria Operations for Logs. An attacker could exploit the vulnerability to elevate privileges...

PT-2025-4396 · Vmware · Vmware Aria Operations For Logs

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Logs affected versions not specified Description: The issue is related to insecure privilege management in VMware Aria Operations for Logs, allowing a malicious actor with non-administrative privileges and network...

PT-2025-4395 · Vmware · Vmware Aria Operations For Logs

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Logs affected versions not specified Description: The issue is related to a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script,...