VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HVMware Cloud Foundation
APPVmware4.0 – 4.5VMware Vrealize Operations
APPVmware8.10.08.6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Deserialization
Powiązane podatności
CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam produkt
VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process
CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam produkt
VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE
CVE-2024-37079CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Heap overflow w VMware vCenter Server via protokół DCERPC — RCE
CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...
CVE-2021-22005CRITICAL9.8⚠ KEVten sam produkt
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...