Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HVMware Aria Operations For Networks
APPVmware6.2.0 – 6.10.0
CISA KEV — detailsi
- Vendori
- VMware ↗
- Producti
- Aria Operations for Networks
- Added to KEVi
- June 22, 2023
- Remediation deadline (US Federal)i
- July 13, 2023(overdue)
Apply updates per vendor instructions.
VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.
Related vulnerabilities
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptogra...
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access t...
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor ...
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privi...
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privi...