cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-38834,https://securityvulnerability.io/vulnerability/CVE-2024-38834,VMware Aria Operations Exposes Cross-Site Scripting Vulnerability,VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.,Vmware,Vmware Aria Operations,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-26T11:56:48.573Z,0
CVE-2024-38833,https://securityvulnerability.io/vulnerability/CVE-2024-38833,VMware Aria Operations Vulnerability: Stored Cross-Site Scripting Flaw,VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.,Vmware,Vmware Aria Operations,6.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-26T11:54:54.847Z,0
CVE-2024-38832,https://securityvulnerability.io/vulnerability/CVE-2024-38832,VMware Aria Operations Stored XSS Vulnerability,"VMware Aria Operations is affected by a stored cross-site scripting vulnerability that permits a malicious actor with editing access to views to inject harmful scripts. This flaw can compromise user data and session integrity, posing significant risks to application security. It is advised for users and administrators to review their access controls and apply any necessary patches to mitigate this vulnerability.",Vmware,Vmware Aria Operations,7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-26T11:51:39.551Z,0
CVE-2024-38831,https://securityvulnerability.io/vulnerability/CVE-2024-38831,VMware Aria Operations Local Privilege Escalation Vulnerability,"VMware Aria Operations is exposed to a local privilege escalation vulnerability that allows a malicious actor, who already possesses local administrative privileges, to escalate their privileges to that of a root user. This can be achieved by inserting malicious commands into the properties file on the appliance running VMware Aria Operations. Organizations using this product should review their permissions and implement appropriate security measures to prevent exploitation.",Vmware,Vmware Aria Operations,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-26T11:50:20.202Z,0
CVE-2024-38830,https://securityvulnerability.io/vulnerability/CVE-2024-38830,Local Privilege Escalation Vulnerability Affects VMware Aria Operations,"VMware Aria Operations is susceptible to a local privilege escalation vulnerability that allows a malicious actor with existing local administrative privileges to escalate their access to the root user level on the appliance. This weakness poses a serious risk as it can lead to unauthorized control of the system, enabling the attacker to perform critical actions that can compromise the integrity and confidentiality of the underlying infrastructure. Organizations must assess their deployments and apply the necessary mitigations to protect their systems from potential exploitation.",Vmware,Vmware Aria Operations,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-26T11:49:16.781Z,0
CVE-2024-22235,https://securityvulnerability.io/vulnerability/CVE-2024-22235,Local Privilege Escalation Vulnerability Affects VMware Aria Operations,VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.,VMware,VMware Aria Operations,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-21T04:59:48.892Z,0
CVE-2023-34051,https://securityvulnerability.io/vulnerability/CVE-2023-34051,Authentication Bypass in VMware Aria Operations for Logs,"VMware Aria Operations for Logs is impacted by a vulnerability that allows an unauthenticated attacker to bypass authentication protocols. By exploiting this flaw, a malicious user can inject arbitrary files into the operating system of the affected appliance, leading to potential remote code execution. Organizations using this software should prioritize mitigating this risk to protect their systems from unauthorized access and exploitation.",Vmware,VMware Aria Operations for Logs,9.8,CRITICAL,0.0021800000686198473,false,false,false,true,true,false,false,2023-10-20T05:15:00.000Z,0
CVE-2023-34052,https://securityvulnerability.io/vulnerability/CVE-2023-34052,Deserialization Vulnerability in VMware Aria Operations for Logs,"VMware Aria Operations for Logs suffers from a deserialization vulnerability that can be exploited by an attacker with non-administrative access. This flaw allows a malicious actor to manipulate the data's deserialization process, potentially leading to authentication bypass, thereby compromising the integrity of user authentication and system security.",Vmware,Vmware Aria Operations For Logs,7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-10-20T05:15:00.000Z,0
CVE-2023-34043,https://securityvulnerability.io/vulnerability/CVE-2023-34043,,VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.,Vmware,Vmware Aria Operations,6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-09-27T15:18:00.000Z,0
CVE-2023-20880,https://securityvulnerability.io/vulnerability/CVE-2023-20880,,VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.,Vmware,VMware Aria Operations (formerly vRealize Operations),6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-05-12T00:00:00.000Z,0
CVE-2023-20878,https://securityvulnerability.io/vulnerability/CVE-2023-20878,Deserialization Vulnerability in VMware Aria Operations,"VMware Aria Operations is affected by a deserialization vulnerability that allows an authenticated attacker with administrative privileges to execute arbitrary commands. This exploit can potentially disrupt the normal operation of the system, leading to serious security implications. Users are advised to review the security advisory for necessary updates and mitigation strategies.",Vmware,VMware Aria Operations (formerly vRealize Operations),7.2,HIGH,0.0007200000109151006,false,false,false,false,,false,false,2023-05-12T00:00:00.000Z,0
CVE-2023-20879,https://securityvulnerability.io/vulnerability/CVE-2023-20879,,VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.,Vmware,VMware Aria Operations (formerly vRealize Operations),6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-05-12T00:00:00.000Z,0
CVE-2023-20877,https://securityvulnerability.io/vulnerability/CVE-2023-20877,Privilege Escalation Vulnerability in VMware Aria Operations,"VMware Aria Operations is susceptible to a privilege escalation vulnerability that allows an authenticated user with ReadOnly privileges to execute arbitrary code. This flaw may lead to unauthorized access and manipulation of system settings, thereby compromising the security integrity of the operations environment. It is imperative for users of VMware Aria Operations to apply the necessary patches provided by VMware to mitigate the risks associated with this vulnerability.",Vmware,VMware Aria Operations (formerly vRealize Operations),8.8,HIGH,0.0011099999537691474,false,false,false,false,,false,false,2023-05-12T00:00:00.000Z,0
CVE-2023-20865,https://securityvulnerability.io/vulnerability/CVE-2023-20865,Command Injection Vulnerability in VMware Aria Operations for Logs,"A command injection vulnerability has been identified in VMware Aria Operations for Logs. This flaw allows an attacker with administrative access to execute arbitrary commands with root privileges, potentially leading to unauthorized access and control over the affected system. It is essential for organizations using this product to investigate and apply the recommended security patches to mitigate the risks associated with this vulnerability.",Vmware,VMware Aria Operations for Logs (formerly vRealize Log Insight),7.2,HIGH,0.000910000002477318,false,false,false,false,,false,false,2023-04-20T00:00:00.000Z,0
CVE-2023-20864,https://securityvulnerability.io/vulnerability/CVE-2023-20864,Deserialization Vulnerability in VMware Aria Operations for Logs,"VMware Aria Operations for Logs is affected by a deserialization vulnerability that allows unauthenticated attackers with network access to execute arbitrary code with root privileges. This vulnerability poses a significant risk as it can be exploited remotely, enabling malicious actors to gain unauthorized access and potentially compromise system integrity. Organizations utilizing this product should take immediate action to implement patches and ensure their systems are secure against potential exploit attempts.",Vmware,VMware Aria Operations for Logs (formerly vRealize Log Insight),9.8,CRITICAL,0.26137998700141907,false,false,false,false,,false,false,2023-04-20T00:00:00.000Z,0
CVE-2022-31682,https://securityvulnerability.io/vulnerability/CVE-2022-31682,,VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.,Vmware,Vmware Aria Operations,4.9,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0