Lucene search
K
VmwareVrealize Operations

18 matches found

CVE
CVE
added 2023/02/01 12:0 a.m.125 views

CVE-2023-20856

CVE-2023-20856 affects VMware vRealize Operations (vROps) CSRF bypass in the 8.6.x line prior to 8.6.4. The vulnerability could allow a malicious authenticated user to perform actions on behalf of another authenticated user. Root cause is CSRF bypass in vROps; impact is high (C&E/I/A) as per CVSS...

8.8CVSS8.7AI score0.00404EPSS
CVE
CVE
added 2022/08/09 8:19 p.m.121 views

CVE-2022-31673

CVE-2022-31673 affects VMware vRealize Operations (versions affected per VMSA-2022-0022). Description: a low-privileged, network-access attacker can create and leak hex dumps, causing information disclosure; successful exploitation can lead to remote code execution. Connected documents corroborat...

8.8CVSS8.4AI score0.01288EPSS
CVE
CVE
added 2023/05/12 12:0 a.m.110 views

CVE-2023-20877

CVE-2023-20877 affects VMware Aria Operations. An authenticated user with ReadOnly privileges can lead to code execution and privilege escalation. Affected product: VMware Aria Operations (vRealize). CVSSv3.1: 8.8 (HIGH) with Network attack, low complexity, privileges required: LOW. Root cause an...

8.8CVSS8.9AI score0.00652EPSS
CVE
CVE
added 2022/08/09 8:19 p.m.108 views

CVE-2022-31674

CVE-2022-31674 affects VMware vRealize Operations 8.x before 8.6.4. It is an information-disclosure vulnerability: a low-privileged, network-accessible attacker can access log files that reveal information. The issue is discussed alongside related CVEs (31672–31675) in VMware’s VMSA-2022-0022 adv...

4.3CVSS5.6AI score0.00544EPSS
CVE
CVE
added 2022/08/09 8:18 p.m.97 views

CVE-2022-31672

CVE-2022-31672 affects VMware vRealize Operations (vROps) 8.x prior to 8.6.4. A malicious actor with administrative network access can escalate privileges to root (Privilege Escalation). Additional related CVEs in the same VMSA-2022-0022 advisory include CVE-2022-31673 / 31674 / 31675, indicating...

7.2CVSS7.9AI score0.00557EPSS
CVE
CVE
added 2022/08/09 8:19 p.m.96 views

CVE-2022-31675

CVE-2022-31675 affects VMware vRealize Operations. The issue is an authentication bypass allowing an unauthenticated attacker with network access to create an administrative user. Public sources (NVD entry) assign CVSSv3.1: 7.5 (High) with network access and no user interaction. Connected documen...

7.5CVSS8.1AI score0.00718EPSS
CVE
CVE
added 2020/02/19 8:3 p.m.93 views

CVE-2020-3945

CVE-2020-3945 is an information-disclosure vulnerability in VMware’s vRealize Operations for Horizon Adapter . Affected releases are 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 . The root cause is an incorrect pairing/implementation between the Horizon Adapter and Horizon View, enabling an unau...

7.5CVSS7.7AI score0.01386EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.92 views

CVE-2022-31708

CVE-2022-31708 is a broken access control vulnerability in VMware’s vRealize Operations (vROps) . Connected documents confirm the issue’s impact as a moderate severity (CVSSv3 base score up to 4.4) with an attack surface involving an authenticated admin user potentially reading sensitive informat...

4.9CVSS5.4AI score0.00795EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-31707

CVE-2022-31707 affects VMware vRealize Operations (vROps). A privilege-escalation vulnerability exists in vROps that can allow an authenticated admin to gain root access to the underlying OS. Reported CVSSv3 base score 7.2 (HIGH); attack vector: network, required privileges: high, no user interac...

7.2CVSS7.2AI score0.00962EPSS
CVE
CVE
added 2020/02/19 8:3 p.m.84 views

CVE-2020-3944

CVE-2020-3944 concerns VMware vRealize Operations for Horizon Adapter. The issue is an improper trust store configuration that leads to an authentication bypass. An unauthenticated remote attacker with network access to vRealize Operations, while the Horizon Adapter is running, could bypass adapt...

8.6CVSS9.1AI score0.01489EPSS
CVE
CVE
added 2020/02/19 8:4 p.m.80 views

CVE-2020-3943

CVE-2020-3943 describes a remote code execution vulnerability in VMware vRealize Operations for Horizon Adapter. Affected versions are 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1, where a JMX RMI service is not securely configured. An unauthenticated remote attacker with network access to vReal...

9.8CVSS9.6AI score0.02331EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.71 views

CVE-2022-31682

CVE-2022-31682 affects VMware vRealize Operations (VMware Aria Operations) via an arbitrary file read vulnerability that can be exploited by an administrator to read arbitrary files containing sensitive data. Public sources in connected documents confirm affected product is VMware Aria/ vRealize ...

4.9CVSS5AI score0.00583EPSS
CVE
CVE
added 2023/05/12 12:0 a.m.70 views

CVE-2023-20878

CVE-2023-20878 affects VMware Aria Operations (formerly vRealize Operations). The connected sources describe a deserialization vulnerability that allows a malicious actor with administrative privileges to execute arbitrary commands and disrupt the system. Exploitation details in the VMSA-2023-000...

7.2CVSS7.8AI score0.01001EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.67 views

CVE-2016-7462

CVE-2016-7462 affects VMware vRealize Operations (vROps) 6.x prior to 6.4.0. The REST API deserialization vulnerability allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload mishandled during deserialization. VM...

8.5CVSS7.9AI score0.02045EPSS
CVE
CVE
added 2023/05/12 12:0 a.m.67 views

CVE-2023-20879

CVE-2023-20879 affects VMware Aria Operations and describes a Local Privilege Escalation vulnerability where a user with administrative privileges can gain root access to the underlying OS. The issue is corroborated across multiple sources (Red Hat, NVD, CVE lists, Nessus plugin), which align on ...

6.7CVSS7.3AI score0.00183EPSS
CVE
CVE
added 2021/10/13 3:42 p.m.66 views

CVE-2021-22033

CVE-2021-22033 affects VMware vRealize Operations prior to 8.6. The root cause is a Server Side Request Forgery (SSRF) vulnerability. Impact is Low CVSS v3.1 (2.7) with network access, requiring admin privileges and no user interaction. Remediation is to apply the fixed versions: vRealize Operati...

4CVSS4AI score0.00588EPSS
CVE
CVE
added 2018/12/18 8:0 p.m.54 views

CVE-2018-6978

CVE-2018-6978 affects VMware vRealize Operations (vROps) Manager. A local privilege escalation exists due to improper permissions on support scripts, enabling an admin user with shell access to elevate to root on the vROps host. Affected products/versions: vROps 7.x prior to 7.0.0.11287810; 6.7.x...

7.2CVSS6.7AI score0.00331EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.53 views

CVE-2016-7457

CVE-2016-7457 affects VMware vRealize Operations (vROps) 6.x prior to 6.4.0. A privilege-escalation vulnerability could allow a remote authenticated vROps user (low-privileged) to gain full access to the application and potentially stop or delete virtual machines. The primary root cause is a priv...

10CVSS9AI score0.03183EPSS