cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-20877,https://securityvulnerability.io/vulnerability/CVE-2023-20877,Privilege Escalation Vulnerability in VMware Aria Operations,"VMware Aria Operations is susceptible to a privilege escalation vulnerability that allows an authenticated user with ReadOnly privileges to execute arbitrary code. This flaw may lead to unauthorized access and manipulation of system settings, thereby compromising the security integrity of the operations environment. It is imperative for users of VMware Aria Operations to apply the necessary patches provided by VMware to mitigate the risks associated with this vulnerability.",Vmware,VMware Aria Operations (formerly vRealize Operations),8.8,HIGH,0.0011099999537691474,false,false,false,false,,false,false,2023-05-12T00:00:00.000Z,0
CVE-2023-20878,https://securityvulnerability.io/vulnerability/CVE-2023-20878,Deserialization Vulnerability in VMware Aria Operations,"VMware Aria Operations is affected by a deserialization vulnerability that allows an authenticated attacker with administrative privileges to execute arbitrary commands. This exploit can potentially disrupt the normal operation of the system, leading to serious security implications. Users are advised to review the security advisory for necessary updates and mitigation strategies.",Vmware,VMware Aria Operations (formerly vRealize Operations),7.2,HIGH,0.0007200000109151006,false,false,false,false,,false,false,2023-05-12T00:00:00.000Z,0
CVE-2023-20879,https://securityvulnerability.io/vulnerability/CVE-2023-20879,,VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.,Vmware,VMware Aria Operations (formerly vRealize Operations),6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-05-12T00:00:00.000Z,0
CVE-2023-20880,https://securityvulnerability.io/vulnerability/CVE-2023-20880,,VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.,Vmware,VMware Aria Operations (formerly vRealize Operations),6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-05-12T00:00:00.000Z,0
CVE-2023-20864,https://securityvulnerability.io/vulnerability/CVE-2023-20864,Deserialization Vulnerability in VMware Aria Operations for Logs,"VMware Aria Operations for Logs is affected by a deserialization vulnerability that allows unauthenticated attackers with network access to execute arbitrary code with root privileges. This vulnerability poses a significant risk as it can be exploited remotely, enabling malicious actors to gain unauthorized access and potentially compromise system integrity. Organizations utilizing this product should take immediate action to implement patches and ensure their systems are secure against potential exploit attempts.",Vmware,VMware Aria Operations for Logs (formerly vRealize Log Insight),9.8,CRITICAL,0.26137998700141907,false,false,false,false,,false,false,2023-04-20T00:00:00.000Z,0
CVE-2023-20865,https://securityvulnerability.io/vulnerability/CVE-2023-20865,Command Injection Vulnerability in VMware Aria Operations for Logs,"A command injection vulnerability has been identified in VMware Aria Operations for Logs. This flaw allows an attacker with administrative access to execute arbitrary commands with root privileges, potentially leading to unauthorized access and control over the affected system. It is essential for organizations using this product to investigate and apply the recommended security patches to mitigate the risks associated with this vulnerability.",Vmware,VMware Aria Operations for Logs (formerly vRealize Log Insight),7.2,HIGH,0.000910000002477318,false,false,false,false,,false,false,2023-04-20T00:00:00.000Z,0
CVE-2023-20856,https://securityvulnerability.io/vulnerability/CVE-2023-20856,CSRF Bypass Vulnerability in VMware vRealize Operations,"VMware vRealize Operations contains a CSRF bypass vulnerability that allows an attacker to perform unauthorized actions on the platform. This occurs as a result of a flaw in the application's handling of requests, which can be exploited by a malicious user to execute actions as an authenticated victim user, potentially leading to unwanted modifications or data breaches. Users are urged to review security advisories and implement recommended mitigations to safeguard their environments.",Vmware,VMware vRealize Operations (vROps),8.8,HIGH,0.001019999966956675,false,false,false,false,,false,false,2023-02-01T03:15:00.000Z,0
CVE-2022-31708,https://securityvulnerability.io/vulnerability/CVE-2022-31708,,vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.,Vmware,Vmware Vrealize Operations (vrops),4.9,MEDIUM,0.000910000002477318,false,false,false,false,,false,false,2022-12-16T00:00:00.000Z,0
CVE-2022-31707,https://securityvulnerability.io/vulnerability/CVE-2022-31707,,vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.,Vmware,Vmware Vrealize Operations (vrops),7.2,HIGH,0.0037299999967217445,false,false,false,false,,false,false,2022-12-16T00:00:00.000Z,0
CVE-2022-31673,https://securityvulnerability.io/vulnerability/CVE-2022-31673,,"VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.",Vmware,Vmware Vrealize Operations,8.8,HIGH,0.0029899999499320984,false,false,false,false,,false,false,2022-08-10T20:15:00.000Z,0
CVE-2022-31672,https://securityvulnerability.io/vulnerability/CVE-2022-31672,,VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.,Vmware,Vmware Vrealize Operations,7.2,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2022-08-10T20:15:00.000Z,0
CVE-2022-31674,https://securityvulnerability.io/vulnerability/CVE-2022-31674,,VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.,Vmware,Vmware Vrealize Operations,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-08-09T20:19:31.000Z,0
CVE-2022-31675,https://securityvulnerability.io/vulnerability/CVE-2022-31675,,VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.,Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0007300000288523734,false,false,false,false,,false,false,2022-08-09T20:19:18.000Z,0
CVE-2021-22034,https://securityvulnerability.io/vulnerability/CVE-2021-22034,,Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.,Vmware,Vmware Vrealize Operations Tenant App For Vmware Cloud Director,7.5,HIGH,0.0018599999602884054,false,false,false,false,,false,false,2021-10-21T19:35:10.000Z,0
CVE-2021-22033,https://securityvulnerability.io/vulnerability/CVE-2021-22033,,Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.,Vmware,Vmware Vrealize Operations,2.7,LOW,0.000539999979082495,false,false,false,false,,false,false,2021-10-13T15:42:58.000Z,0
CVE-2021-22025,https://securityvulnerability.io/vulnerability/CVE-2021-22025,,The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.,Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0008200000156648457,false,false,false,false,,false,false,2021-08-30T17:54:41.000Z,0
CVE-2021-22026,https://securityvulnerability.io/vulnerability/CVE-2021-22026,,The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.,Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0018599999602884054,false,false,false,false,,false,false,2021-08-30T17:54:40.000Z,0
CVE-2021-22027,https://securityvulnerability.io/vulnerability/CVE-2021-22027,,The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.,Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0018599999602884054,false,false,false,false,,false,false,2021-08-30T17:54:40.000Z,0
CVE-2021-22024,https://securityvulnerability.io/vulnerability/CVE-2021-22024,,The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.,Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0018599999602884054,false,false,false,false,,false,false,2021-08-30T17:53:37.000Z,0
CVE-2021-22023,https://securityvulnerability.io/vulnerability/CVE-2021-22023,,The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.,Vmware,Vmware Vrealize Operations,7.2,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2021-08-30T17:53:35.000Z,0
CVE-2021-22022,https://securityvulnerability.io/vulnerability/CVE-2021-22022,,The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.,Vmware,Vmware Vrealize Operations,4.9,MEDIUM,0.0012400000123307109,false,false,false,false,,false,false,2021-08-30T17:53:32.000Z,0
CVE-2021-21975,https://securityvulnerability.io/vulnerability/CVE-2021-21975,,Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.,Vmware,Vmware Vrealize Operations,7.5,HIGH,0.9723399877548218,true,false,true,true,true,false,false,2021-03-31T17:51:51.000Z,0
CVE-2021-21983,https://securityvulnerability.io/vulnerability/CVE-2021-21983,,Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.,Vmware,Vmware Vrealize Operations,6.5,MEDIUM,0.0045900000259280205,false,false,false,true,true,false,false,2021-03-31T17:50:36.000Z,0