Lucene search
K
VmwareAria Operations

16 matches found

CVE
CVE
added 2026/06/08 7:5 a.m.412 views

CVE-2026-41722

CVE-2026-41722 is a stored cross-site scripting vulnerability affecting VMware Cloud Foundation Operations and related products. The NVD/Broadcom advisory describes that a malicious actor with privileges to create policies, views, or text-widgets can inject scripts to perform administrative actio...

8CVSS5.2AI score0.00399EPSS
CVE
CVE
added 2025/09/29 4:9 p.m.134 views

CVE-2025-41244

CVE-2025-41244 covers a local privilege-escalation in Open VM Tools used with VMware Aria Operations; a non-administrative local user with access to a VM that has VMware Tools (SDMP enabled) can escalate to root within the same VM. Affected component: open-vm-tools bundled with VMware Tools; root...

7.8CVSS6.8AI score0.0788EPSS
In wild
CVE
CVE
added 2023/09/26 5:14 p.m.129 views

CVE-2023-34043

CVE-2023-34043 affects VMware Aria Operations (formerly vRealize Operations). A local privilege escalation exists where an actor with administrative access on the compromised host can escalate to root. Affected product versions (per advisories) include VMware Aria Operations 8.6.x (fixed in 8.6 H...

6.7CVSS6.8AI score0.00173EPSS
CVE
CVE
added 2024/02/21 4:59 a.m.128 views

CVE-2024-22235

CVE-2024-22235 affects VMware Aria Operations (formerly vRealize Operations) and VMware Aria Operations in VMware Cloud Foundation. The issue is a local privilege escalation: a malicious actor with administrative access to the local system can escalate to root. The CVSSv3 base score is 6.7 (Local...

6.7CVSS6.8AI score0.00194EPSS
CVE
CVE
added 2026/06/08 7:7 a.m.111 views

CVE-2026-41724

CVE-2026-41724 affects VMware Cloud Foundation Operations and is a stored cross-site scripting vulnerability. The NVD/NVD-derived data shows CVSSv3.1 base score 8.0 (Network, High impact on confidentiality, integrity, availability; Privileges Required: Low; User Interaction: Required). Exploitati...

8CVSS5.2AI score0.00313EPSS
CVE
CVE
added 2026/02/25 7:18 p.m.98 views

CVE-2026-22719

CVE-2026-22719 describes a command injection vulnerability in VMware Aria Operations that could allow an unauthenticated attacker to execute arbitrary commands and potentially achieve remote code execution during support‑assisted product migration. Affected product is VMware Aria Operations (8.x ...

8.1CVSS6.7AI score0.17424EPSS
In wild
CVE
CVE
added 2025/01/30 3:32 p.m.90 views

CVE-2025-22222

CVE-2025-22222 affects VMware Aria Operations and Aria Operations for Logs. A information-disclosure flaw allows a non-administrative user who knows a valid service credential ID to retrieve credentials for an outbound plugin. The issue is contextualized with related CVEs (CVE-2025-22218/22219/22...

7.7CVSS7.3AI score0.00539EPSS
CVE
CVE
added 2026/06/08 7:6 a.m.74 views

CVE-2026-41723

VMware Cloud Foundation Operations is affected by CVE-2026-41723 (and related CVEs) with multiple stored cross-site scripting vulnerabilities. The NVD/NVD-derived details indicate an issue in VMware Cloud Foundation Operations where a malicious actor with privileges to create policies, views, or ...

8CVSS5.2AI score0.00399EPSS
CVE
CVE
added 2024/11/26 11:49 a.m.73 views

CVE-2024-38830

CVE-2024-38830 affects VMware Aria Operations and is a local privilege-escalation vulnerability. The Nessus/NVD entries describe that an attacker with local administrative privileges can escalate to root on the appliance. The issue is addressed in VMware Aria Operations with patches up to version...

7.8CVSS7.9AI score0.00178EPSS
CVE
CVE
added 2023/05/12 12:0 a.m.69 views

CVE-2023-20880

CVE-2023-20880 affects VMware Aria Operations. The connected sources confirm a Local Privilege Escalation vulnerability in the Aria Operations component that, when exploited by an administrator, can escalate to root on the underlying OS. The issue is documented across multiple feeds (NVD/Red Hat/...

6.7CVSS7.3AI score0.00224EPSS
CVE
CVE
added 2024/11/26 11:51 a.m.64 views

CVE-2024-38832

CVE-2024-38832 corresponds to a stored cross-site scripting (XSS) vulnerability in VMware Aria Operations. The issue affects the ability of a malicious actor with editing access to views to inject scripts, potentially leading to stored XSS in the product. Connected sources (VMSA-2024-0022, NVD en...

7.1CVSS6.5AI score0.00449EPSS
CVE
CVE
added 2024/11/26 11:56 a.m.62 views

CVE-2024-38834

CVE-2024-38834 is a stored cross-site scripting vulnerability in VMware Aria Operations. The issue allows a malicious actor with editing access to cloud provider settings or views to inject scripts, leading to stored XSS in the product. The vulnerability is documented across multiple sources (NVD...

6.5CVSS6.1AI score0.0032EPSS
CVE
CVE
added 2024/11/26 11:50 a.m.60 views

CVE-2024-38831

Summary: CVE-2024-38831 affects VMware Aria Operations. A local attacker with administrative privileges can modify the properties file to escalate to root. The issue is addressed in the VMSA-2024-0022 advisory, which groups CVE-2024-38830/38831/38832/38833/38834 and lists a fixed version of 8.18....

7.8CVSS8AI score0.00293EPSS
CVE
CVE
added 2024/11/26 11:54 a.m.60 views

CVE-2024-38833

CVE-2024-38833 is a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to email templates could inject script resulting in stored XSS. Connected sources attribute a moderate to high impact depending on access; CVSS details include up to 6.8 ...

6.8CVSS6.3AI score0.00408EPSS
CVE
CVE
added 2026/02/25 8:0 p.m.51 views

CVE-2026-22721

CVE-2026-22721 affects VMware Aria Operations (8.x) prior to 8.18.6. A privileged actor in vCenter who can access Aria Operations can escalate to administrative rights. Remediation is via patches listed in the Fixed Version column of the VMSA-2026-0001 response matrix (Broadcom VMware security ad...

7.2CVSS5.3AI score0.00686EPSS
CVE
CVE
added 2026/02/25 7:33 p.m.25 views

CVE-2026-22720

CVE-2026-22720 affects VMware Aria Operations 8.x prior to 8.18.6, with a stored XSS in custom benchmarks. Remediation is to apply the fixes listed in VMSA-2026-0001 (Aria Operations 8.18.6). Connected sources also note CVE-2026-22719 (command injection) and CVE-2026-22721 (privilege escalation) ...

9CVSS4.9AI score0.00411EPSS