18 matches found
CVE-2023-20856
CVE-2023-20856 affects VMware vRealize Operations (vROps) CSRF bypass in the 8.6.x line prior to 8.6.4. The vulnerability could allow a malicious authenticated user to perform actions on behalf of another authenticated user. Root cause is CSRF bypass in vROps; impact is high (C&E/I/A) as per CVSS...
CVE-2022-31673
CVE-2022-31673 affects VMware vRealize Operations (versions affected per VMSA-2022-0022). Description: a low-privileged, network-access attacker can create and leak hex dumps, causing information disclosure; successful exploitation can lead to remote code execution. Connected documents corroborat...
CVE-2023-20877
CVE-2023-20877 affects VMware Aria Operations. An authenticated user with ReadOnly privileges can lead to code execution and privilege escalation. Affected product: VMware Aria Operations (vRealize). CVSSv3.1: 8.8 (HIGH) with Network attack, low complexity, privileges required: LOW. Root cause an...
CVE-2022-31674
CVE-2022-31674 affects VMware vRealize Operations 8.x before 8.6.4. It is an information-disclosure vulnerability: a low-privileged, network-accessible attacker can access log files that reveal information. The issue is discussed alongside related CVEs (31672–31675) in VMware’s VMSA-2022-0022 adv...
CVE-2022-31672
CVE-2022-31672 affects VMware vRealize Operations (vROps) 8.x prior to 8.6.4. A malicious actor with administrative network access can escalate privileges to root (Privilege Escalation). Additional related CVEs in the same VMSA-2022-0022 advisory include CVE-2022-31673 / 31674 / 31675, indicating...
CVE-2022-31675
CVE-2022-31675 affects VMware vRealize Operations. The issue is an authentication bypass allowing an unauthenticated attacker with network access to create an administrative user. Public sources (NVD entry) assign CVSSv3.1: 7.5 (High) with network access and no user interaction. Connected documen...
CVE-2020-3945
CVE-2020-3945 is an information-disclosure vulnerability in VMware’s vRealize Operations for Horizon Adapter . Affected releases are 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 . The root cause is an incorrect pairing/implementation between the Horizon Adapter and Horizon View, enabling an unau...
CVE-2022-31708
CVE-2022-31708 is a broken access control vulnerability in VMware’s vRealize Operations (vROps) . Connected documents confirm the issue’s impact as a moderate severity (CVSSv3 base score up to 4.4) with an attack surface involving an authenticated admin user potentially reading sensitive informat...
CVE-2022-31707
CVE-2022-31707 affects VMware vRealize Operations (vROps). A privilege-escalation vulnerability exists in vROps that can allow an authenticated admin to gain root access to the underlying OS. Reported CVSSv3 base score 7.2 (HIGH); attack vector: network, required privileges: high, no user interac...
CVE-2020-3944
CVE-2020-3944 concerns VMware vRealize Operations for Horizon Adapter. The issue is an improper trust store configuration that leads to an authentication bypass. An unauthenticated remote attacker with network access to vRealize Operations, while the Horizon Adapter is running, could bypass adapt...
CVE-2020-3943
CVE-2020-3943 describes a remote code execution vulnerability in VMware vRealize Operations for Horizon Adapter. Affected versions are 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1, where a JMX RMI service is not securely configured. An unauthenticated remote attacker with network access to vReal...
CVE-2022-31682
CVE-2022-31682 affects VMware vRealize Operations (VMware Aria Operations) via an arbitrary file read vulnerability that can be exploited by an administrator to read arbitrary files containing sensitive data. Public sources in connected documents confirm affected product is VMware Aria/ vRealize ...
CVE-2023-20878
CVE-2023-20878 affects VMware Aria Operations (formerly vRealize Operations). The connected sources describe a deserialization vulnerability that allows a malicious actor with administrative privileges to execute arbitrary commands and disrupt the system. Exploitation details in the VMSA-2023-000...
CVE-2016-7462
CVE-2016-7462 affects VMware vRealize Operations (vROps) 6.x prior to 6.4.0. The REST API deserialization vulnerability allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload mishandled during deserialization. VM...
CVE-2023-20879
CVE-2023-20879 affects VMware Aria Operations and describes a Local Privilege Escalation vulnerability where a user with administrative privileges can gain root access to the underlying OS. The issue is corroborated across multiple sources (Red Hat, NVD, CVE lists, Nessus plugin), which align on ...
CVE-2021-22033
CVE-2021-22033 affects VMware vRealize Operations prior to 8.6. The root cause is a Server Side Request Forgery (SSRF) vulnerability. Impact is Low CVSS v3.1 (2.7) with network access, requiring admin privileges and no user interaction. Remediation is to apply the fixed versions: vRealize Operati...
CVE-2018-6978
CVE-2018-6978 affects VMware vRealize Operations (vROps) Manager. A local privilege escalation exists due to improper permissions on support scripts, enabling an admin user with shell access to elevate to root on the vROps host. Affected products/versions: vROps 7.x prior to 7.0.0.11287810; 6.7.x...
CVE-2016-7457
CVE-2016-7457 affects VMware vRealize Operations (vROps) 6.x prior to 6.4.0. A privilege-escalation vulnerability could allow a remote authenticated vROps user (low-privileged) to gain full access to the application and potentially stop or delete virtual machines. The primary root cause is a priv...