VMware Vrealize Operations
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in VMware Vrealize Operations.
By the Year
In 2026 there have been 0 vulnerabilities in VMware Vrealize Operations. Vrealize Operations did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 4 | 7.88 |
| 2022 | 7 | 6.40 |
| 2021 | 1 | 2.70 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 0.00 |
It may take a day or so for new Vrealize Operations vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Vrealize Operations Security Vulnerabilities
VMware Aria Ops LPE: Admin-user Escalates to Root OS
CVE-2023-20879
6.7 - Medium
- May 12, 2023
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
VMware Aria Ops: Deserialization Exec with Admin Privs - CVE-2023-20878
CVE-2023-20878
7.2 - High
- May 12, 2023
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
Marshaling, Unmarshaling
VMware Aria Ops PrivEsc via ReadOnly Code Exec
CVE-2023-20877
8.8 - High
- May 12, 2023
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
VMware vROps CSRF Bypass Enables Unauthorized Action
CVE-2023-20856
8.8 - High
- February 01, 2023
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
Session Riding
vROps Broken Access Control Vulnerability in vRealize Operations
CVE-2022-31708
4.9 - Medium
- December 16, 2022
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
Priv Escalation in VMware vROps (vRealize Ops) - CVE-2022-31707
CVE-2022-31707
7.2 - High
- December 16, 2022
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
VMware Aria Ops arbitrary file read via auth bypass
CVE-2022-31682
4.9 - Medium
- October 11, 2022
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
VMware vRealize Ops Auth Bypass: Unauth User Creation to Admin
CVE-2022-31675
7.5 - High
- August 10, 2022
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
VMware vRealize Ops Log File Info Disclosure for Low-Privileged Network Users
CVE-2022-31674
4.3 - Medium
- August 10, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
Insertion of Sensitive Information into Log File
VMware vRealize Ops RCE via hex dump info disclosure
CVE-2022-31673
8.8 - High
- August 10, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
VMware vRealize Ops: Priv Esc to Root via Admin Net Access
CVE-2022-31672
7.2 - High
- August 10, 2022
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
CVE-2021-22033
2.7 - Low
- October 13, 2021
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
SSRF
vRealize Operations (7.x before 7.0.0.11287810
CVE-2018-6978
- December 18, 2018
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability
CVE-2017-4946
- January 05, 2018
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Vrealize Operations or by VMware? Click the Watch button to subscribe.
