Lucene search
K
VmwareAria Operations For Logs

8 matches found

CVE
CVE
added 2025/01/30 3:28 p.m.173 views

CVE-2025-22220

CVE-2025-22220 affects VMware Aria Operations for Logs. A privilege-escalation vulnerability allows a malicious actor with non-administrative privileges and network access to the Aria Operations for Logs API to perform certain operations in the context of an admin user. The issue is part of a set...

5.4CVSS4.6AI score0.00317EPSS
CVE
CVE
added 2023/10/20 4:11 a.m.159 views

CVE-2023-34051

The CVE-2023-34051 entry describes an authentication bypass in VMware Aria Operations for Logs that allows an unauthenticated attacker to inject files into the appliance’s operating system, potentially enabling remote code execution. Public sources in the connected documents confirm affected prod...

9.8CVSS9.8AI score0.44667EPSS
CVE
CVE
added 2023/04/20 12:0 a.m.153 views

CVE-2023-20864

CVE-2023-20864 affects VMware Aria Operations for Logs. The NUCLEI template and multiple sources describe an unauthenticated deserialization vulnerability that enables remote code execution as root when the system is network-accessible. Impact is described as arbitrary code execution with root pr...

9.8CVSS9.7AI score0.7165EPSS
CVE
CVE
added 2025/01/30 2:23 p.m.140 views

CVE-2025-22218

CVE-2025-22218 (information disclosure) and CVE-2025-22219/22220/22221/22222 (XSS, broken access, and credentials leaks) affect VMware Aria Operations for Logs and related products. The Broadcom VMSA-2025-0003 advisory and VMware/ Broadcom release notes confirm multiple issues: CVE-2025-22218 all...

8.5CVSS8AI score0.0065EPSS
CVE
CVE
added 2023/10/20 4:11 a.m.117 views

CVE-2023-34052

CVE-2023-34052 affects VMware Aria Operations for Logs (deserialization vulnerability enabling authentication bypass). A non-administrative, local attacker can trigger deserialization to bypass authentication. VMware’s advisory VMSA-2023-0021 provides remediation: update to fixed version 8.14. Th...

7.8CVSS8.2AI score0.00204EPSS
CVE
CVE
added 2023/04/20 12:0 a.m.111 views

CVE-2023-20865

The CVE-2023-20865 entry concerns VMware Aria Operations for Logs. Affected product: VMware Aria Operations for Logs (log management app, formerly vRealize Log Insight). Vulnerability: command injection in which a malicious actor with administrative privileges can execute arbitrary commands as ro...

7.2CVSS8.9AI score0.01703EPSS
CVE
CVE
added 2025/01/30 3:26 p.m.73 views

CVE-2025-22219

VMware Aria Operations for Logs is affected by CVE-2025-22219 (stored cross-site scripting). According to the sources, a malicious actor with non-administrative privileges can inject scripts that may lead to arbitrary admin actions. Remediation is available in the fixed version 8.18.3 for Aria Op...

9CVSS6.5AI score0.00642EPSS
CVE
CVE
added 2025/01/30 3:30 p.m.72 views

CVE-2025-22221

CVE-2025-22221 affects VMware Aria Operations for Logs. The stored cross-site scripting vulnerability can be triggered by a malicious actor with admin privileges to VMware Aria Operations for Logs, allowing injection of a script that could execute in a victim’s browser during a delete action in t...

5.2CVSS5AI score0.00385EPSS