Lucene search

Aria Operations For Networks Security Vulnerabilities - 2023

cve

CVE-2023-20887

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

9.8CVSS

9.8AI Score

0.971EPSS

2023-06-07 03:15 PM

428

In Wild

cve

CVE-2023-20890

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

7.2CVSS

8.7AI Score

0.002EPSS

2023-08-29 06:15 PM

cve

CVE-2023-34039

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

9.8CVSS

9.7AI Score

0.945EPSS

2023-08-29 06:15 PM

138