VMwareVMSA-2024-0002VMware Aria Operations for Networks (Formerly vRealize Network Insight) updates address multiple vulnerabilities (CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241)
3a. Local Privilege Escalation vulnerability (CVE-2024-22237)
Aria Operations for Networks contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
3b. Cross Site Scripting Vulnerability (CVE-2024-22238)
Aria Operations for Networks contains a cross site scripting vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.4.
3e. Cross Site Scripting vulnerability (CVE-2024-22241)
Aria Operations for Networks contains a cross site scripting vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
| CPE | Name | Operator | Version |
|---|---|---|---|
| aria operations for networks | eq | 6.x |
References
customerconnect.vmware.com/en/downloads/details?downloadGroup=OPERATIONSNETWORKS-6120&productId=1070&rPId=114850
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22237
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22238
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22239
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22240
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22241
docs.vmware.com/en/VMware-Aria-Operations-for-Networks/services/rn/vmware-aria-operations-for-networks-release-notes/index.html
kb.vmware.com/s/article/96450
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Related
