VMware Aria Operations For Networks

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in VMware Aria Operations For Networks.

By the Year

In 2026 there have been 0 vulnerabilities in VMware Aria Operations For Networks. Aria Operations For Networks did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	5	6.02
2023	5	8.62

It may take a day or so for new Aria Operations For Networks vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent VMware Aria Operations For Networks Security Vulnerabilities

Aria Ops for Networks XSS via Admin-Injected Login Banner
CVE-2024-22241 4.8 - Medium - February 06, 2024

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.

XSS

Aria Ops Networks LFR Vulnerability Allows Admin Access
CVE-2024-22240 4.9 - Medium - February 06, 2024

Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.

Files or Directories Accessible to External Parties

CVE-2024-22239: LPE in Aria Ops for Networks via Console to Shell
CVE-2024-22239 7.8 - High - February 06, 2024

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.

Improper Privilege Management

Aria Ops Net XSS: Admin can inject malicious code in user profile configs
CVE-2024-22238 4.8 - Medium - February 06, 2024

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.

XSS

LPE in Aria Ops for Networks (CVE-2024-22237)
CVE-2024-22237 7.8 - High - February 06, 2024

Improper Privilege Management

Aria Ops Nwks SSH Auth Bypass via Non-Unique Crypto Key
CVE-2023-34039 9.8 - Critical - August 29, 2023

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

Use of a Broken or Risky Cryptographic Algorithm

VMware Aria Ops for Networks Arbitrary File Write RCE
CVE-2023-20890 7.2 - High - August 29, 2023

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

Directory traversal

Remote Command Injection CVE-2023-20887 in VMware Aria Ops
CVE-2023-20887 9.8 - Critical - June 07, 2023

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

Command Injection

VMware Aria Ops for Networks: Info Disclosure via CA Injection
CVE-2023-20889 7.5 - High - June 07, 2023

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

Command Injection

Authenticated Deserialization RCE in VMware Aria Ops for Networks
CVE-2023-20888 8.8 - High - June 07, 2023

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

Marshaling, Unmarshaling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for VMware Aria Operations For Networks or by VMware? Click the Watch button to subscribe.

VMware
Vendor

VMware Aria Operations For Networks
Product

VMware Aria Operations For Networks

Don't miss out!

By the Year

Recent VMware Aria Operations For Networks Security Vulnerabilities

Aria Ops for Networks XSS via Admin-Injected Login Banner CVE-2024-22241 4.8 - Medium - February 06, 2024

Aria Ops Networks LFR Vulnerability Allows Admin Access CVE-2024-22240 4.9 - Medium - February 06, 2024

CVE-2024-22239: LPE in Aria Ops for Networks via Console to Shell CVE-2024-22239 7.8 - High - February 06, 2024

Aria Ops Net XSS: Admin can inject malicious code in user profile configs CVE-2024-22238 4.8 - Medium - February 06, 2024

LPE in Aria Ops for Networks (CVE-2024-22237) CVE-2024-22237 7.8 - High - February 06, 2024

Aria Ops Nwks SSH Auth Bypass via Non-Unique Crypto Key CVE-2023-34039 9.8 - Critical - August 29, 2023

VMware Aria Ops for Networks Arbitrary File Write RCE CVE-2023-20890 7.2 - High - August 29, 2023

Remote Command Injection CVE-2023-20887 in VMware Aria Ops CVE-2023-20887 9.8 - Critical - June 07, 2023

VMware Aria Ops for Networks: Info Disclosure via CA Injection CVE-2023-20889 7.5 - High - June 07, 2023

Authenticated Deserialization RCE in VMware Aria Ops for Networks CVE-2023-20888 8.8 - High - June 07, 2023