CVE-2024-22241

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account...

CVE-2023-20889

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure...

CVE-2024-22237

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system...

CVE-2024-22240

CVE-2024-22240 affects VMware Aria Operations for Networks. The issue is a local file read vulnerability exploitable by a user with admin/management privileges, potentially allowing unauthorized access to sensitive data. Public details describe the vulnerability without providing exploit steps be...

CVE-2024-22237

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system...

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability

Proof-of-concept PoC exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks formerly vRealize Network Insight. The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been describe...

The vulnerability of the network and application monitoring tool VMware Aria Operations for Networks, which allows unauthorized users to download files of a malicious nature, enables attackers to execute arbitrary code.

The vulnerability of the network and application monitoring tool in VMware Aria Operations for Networks relates to the unlimited download of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Metasploit Weekly Wrap up

Unauthenticated RCE in VMware Product This week, community contributor h00die added an exploit module that leverages a command injection vulnerability in VMWare Aria Operations for Networks, formerly known as vRealize Network Insight. Versions 6.2 to 6.10 are vulnerable CVE-2023-20887. A remote...

VMware Releases Security Update for Aria Operations for Networks

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Networks Formerly vRealize Network Insight. The vulnerabilities were evaluated to fall within the critical severity range, as a malicious actor with network access may be able to perform a command...

CVE-2023-20889

VMware Aria Operations for Networks (formerly vRealize Network Insight) is affected by CVE-2023-20889, a network-exposed information-disclosure vulnerability caused by an information-disclosing command-injection flaw in the application layer. The issue can be exploited by a remote attacker with n...

CVE-2023-20888

CVE-2023-20888 affects VMware Aria Operations for Networks. It is an authenticated deserialization vulnerability in which an attacker with network access and a valid member role can trigger a deserialization attack leading to remote code execution. Exploitation details are not provided in the sou...