8 matches found
CVE-2025-22220
CVE-2025-22220 affects VMware Aria Operations for Logs. A privilege-escalation vulnerability allows a malicious actor with non-administrative privileges and network access to the Aria Operations for Logs API to perform certain operations in the context of an admin user. The issue is part of a set...
CVE-2023-34051
The CVE-2023-34051 entry describes an authentication bypass in VMware Aria Operations for Logs that allows an unauthenticated attacker to inject files into the appliance’s operating system, potentially enabling remote code execution. Public sources in the connected documents confirm affected prod...
CVE-2023-20864
CVE-2023-20864 affects VMware Aria Operations for Logs. The NUCLEI template and multiple sources describe an unauthenticated deserialization vulnerability that enables remote code execution as root when the system is network-accessible. Impact is described as arbitrary code execution with root pr...
CVE-2025-22218
CVE-2025-22218 (information disclosure) and CVE-2025-22219/22220/22221/22222 (XSS, broken access, and credentials leaks) affect VMware Aria Operations for Logs and related products. The Broadcom VMSA-2025-0003 advisory and VMware/ Broadcom release notes confirm multiple issues: CVE-2025-22218 all...
CVE-2023-34052
CVE-2023-34052 affects VMware Aria Operations for Logs (deserialization vulnerability enabling authentication bypass). A non-administrative, local attacker can trigger deserialization to bypass authentication. VMware’s advisory VMSA-2023-0021 provides remediation: update to fixed version 8.14. Th...
CVE-2023-20865
The CVE-2023-20865 entry concerns VMware Aria Operations for Logs. Affected product: VMware Aria Operations for Logs (log management app, formerly vRealize Log Insight). Vulnerability: command injection in which a malicious actor with administrative privileges can execute arbitrary commands as ro...
CVE-2025-22219
VMware Aria Operations for Logs is affected by CVE-2025-22219 (stored cross-site scripting). According to the sources, a malicious actor with non-administrative privileges can inject scripts that may lead to arbitrary admin actions. Remediation is available in the fixed version 8.18.3 for Aria Op...
CVE-2025-22221
CVE-2025-22221 affects VMware Aria Operations for Logs. The stored cross-site scripting vulnerability can be triggered by a malicious actor with admin privileges to VMware Aria Operations for Logs, allowing injection of a script that could execute in a victim’s browser during a delete action in t...