16 matches found
CVE-2026-41722
CVE-2026-41722 is a stored cross-site scripting vulnerability affecting VMware Cloud Foundation Operations and related products. The NVD/Broadcom advisory describes that a malicious actor with privileges to create policies, views, or text-widgets can inject scripts to perform administrative actio...
CVE-2025-41244
CVE-2025-41244 covers a local privilege-escalation in Open VM Tools used with VMware Aria Operations; a non-administrative local user with access to a VM that has VMware Tools (SDMP enabled) can escalate to root within the same VM. Affected component: open-vm-tools bundled with VMware Tools; root...
CVE-2023-34043
CVE-2023-34043 affects VMware Aria Operations (formerly vRealize Operations). A local privilege escalation exists where an actor with administrative access on the compromised host can escalate to root. Affected product versions (per advisories) include VMware Aria Operations 8.6.x (fixed in 8.6 H...
CVE-2024-22235
CVE-2024-22235 affects VMware Aria Operations (formerly vRealize Operations) and VMware Aria Operations in VMware Cloud Foundation. The issue is a local privilege escalation: a malicious actor with administrative access to the local system can escalate to root. The CVSSv3 base score is 6.7 (Local...
CVE-2026-41724
CVE-2026-41724 affects VMware Cloud Foundation Operations and is a stored cross-site scripting vulnerability. The NVD/NVD-derived data shows CVSSv3.1 base score 8.0 (Network, High impact on confidentiality, integrity, availability; Privileges Required: Low; User Interaction: Required). Exploitati...
CVE-2026-22719
CVE-2026-22719 describes a command injection vulnerability in VMware Aria Operations that could allow an unauthenticated attacker to execute arbitrary commands and potentially achieve remote code execution during support‑assisted product migration. Affected product is VMware Aria Operations (8.x ...
CVE-2025-22222
CVE-2025-22222 affects VMware Aria Operations and Aria Operations for Logs. A information-disclosure flaw allows a non-administrative user who knows a valid service credential ID to retrieve credentials for an outbound plugin. The issue is contextualized with related CVEs (CVE-2025-22218/22219/22...
CVE-2026-41723
VMware Cloud Foundation Operations is affected by CVE-2026-41723 (and related CVEs) with multiple stored cross-site scripting vulnerabilities. The NVD/NVD-derived details indicate an issue in VMware Cloud Foundation Operations where a malicious actor with privileges to create policies, views, or ...
CVE-2024-38830
CVE-2024-38830 affects VMware Aria Operations and is a local privilege-escalation vulnerability. The Nessus/NVD entries describe that an attacker with local administrative privileges can escalate to root on the appliance. The issue is addressed in VMware Aria Operations with patches up to version...
CVE-2023-20880
CVE-2023-20880 affects VMware Aria Operations. The connected sources confirm a Local Privilege Escalation vulnerability in the Aria Operations component that, when exploited by an administrator, can escalate to root on the underlying OS. The issue is documented across multiple feeds (NVD/Red Hat/...
CVE-2024-38832
CVE-2024-38832 corresponds to a stored cross-site scripting (XSS) vulnerability in VMware Aria Operations. The issue affects the ability of a malicious actor with editing access to views to inject scripts, potentially leading to stored XSS in the product. Connected sources (VMSA-2024-0022, NVD en...
CVE-2024-38834
CVE-2024-38834 is a stored cross-site scripting vulnerability in VMware Aria Operations. The issue allows a malicious actor with editing access to cloud provider settings or views to inject scripts, leading to stored XSS in the product. The vulnerability is documented across multiple sources (NVD...
CVE-2024-38831
Summary: CVE-2024-38831 affects VMware Aria Operations. A local attacker with administrative privileges can modify the properties file to escalate to root. The issue is addressed in the VMSA-2024-0022 advisory, which groups CVE-2024-38830/38831/38832/38833/38834 and lists a fixed version of 8.18....
CVE-2024-38833
CVE-2024-38833 is a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to email templates could inject script resulting in stored XSS. Connected sources attribute a moderate to high impact depending on access; CVSS details include up to 6.8 ...
CVE-2026-22721
CVE-2026-22721 affects VMware Aria Operations (8.x) prior to 8.18.6. A privileged actor in vCenter who can access Aria Operations can escalate to administrative rights. Remediation is via patches listed in the Fixed Version column of the VMSA-2026-0001 response matrix (Broadcom VMware security ad...
CVE-2026-22720
CVE-2026-22720 affects VMware Aria Operations 8.x prior to 8.18.6, with a stored XSS in custom benchmarks. Remediation is to apply the fixes listed in VMSA-2026-0001 (Aria Operations 8.18.6). Connected sources also note CVE-2026-22719 (command injection) and CVE-2026-22721 (privilege escalation) ...