VMware Aria Operations For Networks
By the Year
In 2024 there have been 5 vulnerabilities in VMware Aria Operations For Networks with an average score of 6.0 out of ten. Last year Aria Operations For Networks had 2 security vulnerabilities published. That is, 3 more vulnerabilities have already been reported in 2024 as compared to last year. Last year, the average CVE base score was greater by 2.48
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 5 | 6.02 |
| 2023 | 2 | 8.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Aria Operations For Networks vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Aria Operations For Networks Security Vulnerabilities
Aria Operations for Networks contains a cross site scripting vulnerability
CVE-2024-22241
4.8 - Medium
- February 06, 2024
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
XSS
Aria Operations for Networks contains a local file read vulnerability
CVE-2024-22240
4.9 - Medium
- February 06, 2024
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
Files or Directories Accessible to External Parties
Aria Operations for Networks contains a local privilege escalation vulnerability
CVE-2024-22239
7.8 - High
- February 06, 2024
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
Improper Privilege Management
Aria Operations for Networks contains a cross site scripting vulnerability
CVE-2024-22238
4.8 - Medium
- February 06, 2024
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
XSS
Aria Operations for Networks contains a local privilege escalation vulnerability
CVE-2024-22237
7.8 - High
- February 06, 2024
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
Improper Privilege Management
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation
CVE-2023-34039
9.8 - Critical
- August 29, 2023
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Use of a Broken or Risky Cryptographic Algorithm
Aria Operations for Networks contains an arbitrary file write vulnerability
CVE-2023-20890
7.2 - High
- August 29, 2023
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Aria Operations For Networks or by VMware? Click the Watch button to subscribe.
