Cloud Foundation@5.2 Security Vulnerabilities and Issues — Cloud Foundation@5.2 CVE List

Lucene search

VmwareCloud Foundation5.2

11 matches found

CVE•added 2025/01/30 4:15 p.m.•156 views

CVE-2025-22220

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

5.4CVSS4.6AI score0.00074EPSS

CVE•added 2025/01/30 3:15 p.m.•122 views

CVE-2025-22218

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs

8.5CVSS8AI score0.00131EPSS

CVE•added 2025/01/30 4:15 p.m.•69 views

CVE-2025-22222

VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

7.7CVSS7.3AI score0.00157EPSS

CVE•added 2024/02/21 5:15 a.m.•61 views

CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

6.7CVSS6.8AI score0.00045EPSS

CVE•added 2025/01/30 4:15 p.m.•58 views

CVE-2025-22219

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.

9CVSS6.5AI score0.00116EPSS

CVE•added 2025/01/30 4:15 p.m.•57 views

CVE-2025-22221

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configur...

5.2CVSS5AI score0.00122EPSS

CVE•added 2024/11/26 12:15 p.m.•55 views

CVE-2024-38830

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

7.8CVSS7.9AI score0.00036EPSS

CVE•added 2024/11/26 12:15 p.m.•50 views

CVE-2024-38832

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

7.1CVSS6.5AI score0.00631EPSS

CVE•added 2024/11/26 12:15 p.m.•48 views

CVE-2024-38834

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

6.5CVSS6.1AI score0.00314EPSS

CVE•added 2024/11/26 12:15 p.m.•47 views

CVE-2024-38833

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

6.8CVSS6.3AI score0.00209EPSS

CVE•added 2024/11/26 12:15 p.m.•46 views

CVE-2024-38831

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.

7.8CVSS8AI score0.00307EPSS