VMware Vrealize Operations
By the Year
In 2024 there have been 0 vulnerabilities in VMware Vrealize Operations . Last year Vrealize Operations had 4 security vulnerabilities published. Right now, Vrealize Operations is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 4 | 7.88 |
| 2022 | 7 | 6.40 |
| 2021 | 1 | 2.70 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.70 |
It may take a day or so for new Vrealize Operations vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Vrealize Operations Security Vulnerabilities
VMware Aria Operations contains a Local privilege escalation vulnerability
CVE-2023-20879
6.7 - Medium
- May 12, 2023
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
VMware Aria Operations contains a deserialization vulnerability
CVE-2023-20878
7.2 - High
- May 12, 2023
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
Marshaling, Unmarshaling
VMware Aria Operations contains a privilege escalation vulnerability
CVE-2023-20877
8.8 - High
- May 12, 2023
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability
CVE-2023-20856
8.8 - High
- February 01, 2023
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
Session Riding
vRealize Operations (vROps) contains a broken access control vulnerability
CVE-2022-31708
4.9 - Medium
- December 16, 2022
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
vRealize Operations (vROps) contains a privilege escalation vulnerability
CVE-2022-31707
7.2 - High
- December 16, 2022
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
VMware Aria Operations contains an arbitrary file read vulnerability
CVE-2022-31682
4.9 - Medium
- October 11, 2022
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
VMware vRealize Operations contains an authentication bypass vulnerability
CVE-2022-31675
7.5 - High
- August 10, 2022
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
VMware vRealize Operations contains an information disclosure vulnerability
CVE-2022-31674
4.3 - Medium
- August 10, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
Insertion of Sensitive Information into Log File
VMware vRealize Operations contains an information disclosure vulnerability
CVE-2022-31673
8.8 - High
- August 10, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
VMware vRealize Operations contains a privilege escalation vulnerability
CVE-2022-31672
7.2 - High
- August 10, 2022
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
CVE-2021-22033
2.7 - Low
- October 13, 2021
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
XSPA
vRealize Operations (7.x before 7.0.0.11287810
CVE-2018-6978
6.7 - Medium
- December 18, 2018
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.
Incorrect Permission Assignment for Critical Resource
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Vrealize Operations or by VMware? Click the Watch button to subscribe.
