VMwareVMSA-2023-0018VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-34039, CVE-2023-20890)
3a. Aria Operations for Networks Authentication Bypass Vulnerability (CVE-2023-34039)
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8.
3b. Aria Operations for Networks Arbitrary File Write Vulnerability (CVE-2023-20890)
Aria Operations for Networks contains an arbitrary file write vulnerability. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.2.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vmware aria operations networks | eq | 6.x |
References
customerconnect.vmware.com/en/downloads/info/slug/infrastructure_operations_management/vmware_aria_operations_for_networks/6_x
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20890
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34039
docs.vmware.com/en/VMware-Aria-Operations-for-Networks/services/rn/vmware-aria-operations-for-networks-release-notes/index.html
kb.vmware.com/s/article/94152
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Related
