cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20887,https://securityvulnerability.io/vulnerability/CVE-2023-20887,Command Injection Vulnerability in VMware Aria Operations for Networks,"VMware Aria Operations for Networks is affected by a command injection vulnerability that potentially allows a malicious actor with network access to execute arbitrary commands on the server. This flaw could lead to unauthorized actions and data exposure, underscoring the necessity for prompt patching. Organizations using this product should prioritize vulnerability assessments and implement protective measures to mitigate possible exploitation scenarios.",Vmware,Aria Operations For Networks (formerly Vrealize Network Insight),9.8,CRITICAL,0.9718199968338013,true,2023-06-22T00:00:00.000Z,true,false,true,2023-06-22T00:00:00.000Z,true,false,false,,2023-06-07T15:15:00.000Z,0
CVE-2023-20889,https://securityvulnerability.io/vulnerability/CVE-2023-20889,Information Disclosure Vulnerability in VMware Aria Operations for Networks,"An information disclosure vulnerability exists within VMware Aria Operations for Networks, allowing a malicious actor with network access to exploit the system by executing command injection attacks. Successful exploitation can result in the unintentional exposure of sensitive information.
It is crucial for organizations using this product to apply the necessary security patches and remain vigilant against potential network threats.",Vmware,Aria Operations For Networks (formerly Vrealize Network Insight),7.5,HIGH,0.2498299926519394,false,,false,false,false,,,false,false,,2023-06-07T15:15:00.000Z,0
CVE-2023-20888,https://securityvulnerability.io/vulnerability/CVE-2023-20888,Authenticated Deserialization Vulnerability in VMware Aria Operations for Networks,"VMware Aria Operations for Networks is impacted by an authenticated deserialization vulnerability that allows attackers with valid 'member' role credentials and network access to execute arbitrary code remotely. This vulnerability poses a significant risk as it can enable unauthorized control over affected systems, facilitating further exploitation. Organizations utilizing this product should take immediate steps to assess their exposure and remediate the issue as advised in VMware's security advisory.",Vmware,Aria Operations For Networks (formerly Vrealize Network Insight),8.8,HIGH,0.19822999835014343,false,,true,false,false,,,false,false,,2023-06-07T15:15:00.000Z,0
CVE-2023-20880,https://securityvulnerability.io/vulnerability/CVE-2023-20880,Privilege Escalation Vulnerability in VMware Aria Operations,"VMware Aria Operations is impacted by a vulnerability that allows a malicious actor with administrative access to the localized system to gain elevated privileges to the root account.
This flaw raises significant security concerns, as it permits unauthorized escalation of authority, potentially leading to further exploitation of the system.",Vmware,Vmware Aria Operations (formerly Vrealize Operations),6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-12T00:00:00.000Z,0
CVE-2023-20877,https://securityvulnerability.io/vulnerability/CVE-2023-20877,Privilege Escalation Vulnerability in VMware Aria Operations,"VMware Aria Operations is susceptible to a privilege escalation vulnerability that allows an authenticated user with ReadOnly privileges to execute arbitrary code. This flaw may lead to unauthorized access and manipulation of system settings, thereby compromising the security integrity of the operations environment. It is imperative for users of VMware Aria Operations to apply the necessary patches provided by VMware to mitigate the risks associated with this vulnerability.",Vmware,Vmware Aria Operations (formerly Vrealize Operations),8.8,HIGH,0.0011099999537691474,false,,false,false,false,,,false,false,,2023-05-12T00:00:00.000Z,0
CVE-2023-20878,https://securityvulnerability.io/vulnerability/CVE-2023-20878,Deserialization Vulnerability in VMware Aria Operations,"VMware Aria Operations is affected by a deserialization vulnerability that allows an authenticated attacker with administrative privileges to execute arbitrary commands. This exploit can potentially disrupt the normal operation of the system, leading to serious security implications.
Users are advised to review the security advisory for necessary updates and mitigation strategies.",Vmware,Vmware Aria Operations (formerly Vrealize Operations),7.2,HIGH,0.0007200000109151006,false,,false,false,false,,,false,false,,2023-05-12T00:00:00.000Z,0
CVE-2023-20879,https://securityvulnerability.io/vulnerability/CVE-2023-20879,Local Privilege Escalation Vulnerability in VMware Aria Operations,"VMware Aria Operations has a vulnerability that allows an attacker with administrative privileges to escalate their access to root level on the underlying operating system. This could potentially lead to unauthorized control over system resources and sensitive data, posing significant risks to system integrity and security.",Vmware,Vmware Aria Operations (formerly Vrealize Operations),6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-05-12T00:00:00.000Z,0
CVE-2023-20864,https://securityvulnerability.io/vulnerability/CVE-2023-20864,Deserialization Vulnerability in VMware Aria Operations for Logs,"VMware Aria Operations for Logs is affected by a deserialization vulnerability that allows unauthenticated attackers with network access to execute arbitrary code with root privileges. This vulnerability poses a significant risk as it can be exploited remotely, enabling malicious actors to gain unauthorized access and potentially compromise system integrity. Organizations utilizing this product should take immediate action to implement patches and ensure their systems are secure against potential exploit attempts.",Vmware,Vmware Aria Operations For Logs (formerly Vrealize Log Insight),9.8,CRITICAL,0.26137998700141907,false,,false,false,false,,,false,false,,2023-04-20T00:00:00.000Z,0
CVE-2023-20865,https://securityvulnerability.io/vulnerability/CVE-2023-20865,Command Injection Vulnerability in VMware Aria Operations for Logs,"A command injection vulnerability has been identified in VMware Aria Operations for Logs.
This flaw allows an attacker with administrative access to execute arbitrary commands with root privileges, potentially leading to unauthorized access and control over the affected system. It is essential for organizations using this product to investigate and apply the recommended security patches to mitigate the risks associated with this vulnerability.",Vmware,Vmware Aria Operations For Logs (formerly Vrealize Log Insight),7.2,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2023-04-20T00:00:00.000Z,0
CVE-2023-20856,https://securityvulnerability.io/vulnerability/CVE-2023-20856,CSRF Bypass Vulnerability in VMware vRealize Operations,"VMware vRealize Operations contains a CSRF bypass vulnerability that allows an attacker to perform unauthorized actions on the platform. This occurs as a result of a flaw in the application's handling of requests, which can be exploited by a malicious user to execute actions as an authenticated victim user, potentially leading to unwanted modifications or data breaches. Users are urged to review security advisories and implement recommended mitigations to safeguard their environments.",Vmware,VMware vRealize Operations (vROps),8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2023-02-01T03:15:00.000Z,0
CVE-2022-31708,https://securityvulnerability.io/vulnerability/CVE-2022-31708,Broken Access Control in VMware vRealize Operations,"VMware vRealize Operations is affected by a broken access control vulnerability that may allow an attacker to gain unauthorized access to sensitive information or functionality. This flaw arises when the application improperly verifies user permissions, thereby enabling malicious users to exploit unauthorized access paths.
It is crucial for organizations using vRealize Operations to apply the latest security updates to mitigate potential risks associated with this vulnerability.",Vmware,Vmware Vrealize Operations (vrops),4.9,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2022-12-16T00:00:00.000Z,0
CVE-2022-31707,https://securityvulnerability.io/vulnerability/CVE-2022-31707,Privilege Escalation Vulnerability in vRealize Operations by VMware,"vRealize Operations (vROps) by VMware is susceptible to a vulnerability that allows an attacker to escalate their privileges within the system. This issue can potentially lead to unauthorized actions being performed by users with limited access, potentially jeopardizing sensitive data and system integrity. Administrators are encouraged to apply the recommended security updates to mitigate the risks associated with this vulnerability.",Vmware,Vmware Vrealize Operations (vrops),7.2,HIGH,0.0037299999967217445,false,,false,false,false,,,false,false,,2022-12-16T00:00:00.000Z,0
CVE-2022-31672,https://securityvulnerability.io/vulnerability/CVE-2022-31672,Privilege Escalation Vulnerability in VMware vRealize Operations,"VMware vRealize Operations is affected by a privilege escalation vulnerability that allows an attacker with administrative network access to gain root privileges. This vulnerability can lead to unauthorized access and potential system compromises if exploited. Organizations utilizing this software should review their security configurations and apply necessary updates to mitigate risks associated with this issue.
For detailed information, refer to the security advisory on VMware's official site.",Vmware,Vmware Vrealize Operations,7.2,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-08-10T20:15:00.000Z,0
CVE-2022-31673,https://securityvulnerability.io/vulnerability/CVE-2022-31673,Information Disclosure Vulnerability in VMware vRealize Operations,"VMware vRealize Operations is affected by an information disclosure vulnerability that could be exploited by low-privileged attackers with network access. Through this vulnerability, an attacker can generate and leak hex dumps, which may lead to the exposure of sensitive information. While the immediate threat involves data leakage, successful exploitation could potentially pave the way for more severe attacks, including remote code execution. It is crucial for organizations using VMware vRealize Operations to be aware of this vulnerability and take the necessary steps to mitigate associated risks.",Vmware,Vmware Vrealize Operations,8.8,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2022-08-10T20:15:00.000Z,0
CVE-2022-31674,https://securityvulnerability.io/vulnerability/CVE-2022-31674,Information Disclosure Vulnerability in VMware vRealize Operations,"VMware vRealize Operations is susceptible to an information disclosure vulnerability, allowing a low-privileged attacker with network access to gain unauthorized access to sensitive log files.
This can lead to potentially sensitive information being exposed, posing a risk to the confidentiality of the affected systems.",Vmware,Vmware Vrealize Operations,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-08-09T20:19:31.000Z,0
CVE-2022-31675,https://securityvulnerability.io/vulnerability/CVE-2022-31675,Authentication Bypass Vulnerability in VMware vRealize Operations,"The authentication bypass vulnerability in VMware vRealize Operations allows unauthorized users to exploit network access and create administrative user accounts. This potentially grants malicious actors extensive control over the affected systems, leading to significant security risks. It is essential for administrators to apply necessary security updates to mitigate this risk.",Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-08-09T20:19:18.000Z,0
CVE-2021-22034,https://securityvulnerability.io/vulnerability/CVE-2021-22034,Information Disclosure Vulnerability in VMware vRealize Operations,"Prior to version 8.6, VMware vRealize Operations Tenant App is affected by an Information Disclosure Vulnerability that could allow unauthorized access to sensitive information. This vulnerability could potentially expose system details that could be leveraged by attackers to enhance their malicious activity. Users are encouraged to update to the latest version to mitigate risks associated with this issue.",Vmware,Vmware Vrealize Operations Tenant App For Vmware Cloud Director,7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2021-10-21T19:35:10.000Z,0
CVE-2021-22033,https://securityvulnerability.io/vulnerability/CVE-2021-22033,Server Side Request Forgery Vulnerability in VMware vRealize Operations,"A Server Side Request Forgery (SSRF) vulnerability exists in VMware vRealize Operations, allowing an attacker to send unauthorized requests from the server to internal resources.
This can lead to unauthorized access and potential data leakage. It is crucial for users to update to VMware vRealize Operations version 8.6 or later to mitigate this risk effectively.",Vmware,Vmware Vrealize Operations,2.7,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2021-10-13T15:42:58.000Z,0
CVE-2021-22025,https://securityvulnerability.io/vulnerability/CVE-2021-22025,Unauthenticated API Access Vulnerability in VMware vRealize Operations Manager,"The vRealize Operations Manager API prior to version 8.5 is affected by a broken access control vulnerability. This flaw allows unauthenticated attackers with network access to interact with the API, potentially enabling them to add new nodes to existing vROps clusters. Such unauthorized actions can compromise the integrity and security of the operations environment, highlighting the importance of patching and securing API endpoints effectively.",Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-08-30T17:54:41.000Z,0
CVE-2021-22027,https://securityvulnerability.io/vulnerability/CVE-2021-22027,Server Side Request Forgery Vulnerability in VMware vRealize Operations Manager,"The vRealize Operations Manager API prior to version 8.5 is susceptible to a Server Side Request Forgery (SSRF) vulnerability. This issue allows an unauthenticated attacker with network access to exploit the endpoint, potentially leading to unauthorized information disclosure.
The vulnerability poses a risk as attackers may manipulate requests sent to the internal systems, which could expose sensitive data or facilitate further attacks within the network.",Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2021-08-30T17:54:40.000Z,0
CVE-2021-22026,https://securityvulnerability.io/vulnerability/CVE-2021-22026,Server Side Request Forgery Vulnerability in vRealize Operations Manager by VMware,The vRealize Operations Manager API versions prior to 8.5 are susceptible to a Server Side Request Forgery (SSRF) vulnerability. This flaw allows an unauthenticated malicious actor with network access to the API to manipulate requests and potentially disclose sensitive information. Organizations using affected versions should prioritize immediate patching to mitigate the risks associated with this vulnerability.,Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2021-08-30T17:54:40.000Z,0
CVE-2021-22024,https://securityvulnerability.io/vulnerability/CVE-2021-22024,Arbitrary Log-File Read Vulnerability in VMware vRealize Operations Manager,"The VMware vRealize Operations Manager API versions 8.x prior to 8.5 contain a vulnerability that allows an unauthenticated attacker with network access to read arbitrary log files. This could lead to the exposure of sensitive information, potentially putting user data and system integrity at risk. Proper security measures and updates are essential to mitigate this vulnerability.",Vmware,Vmware Vrealize Operations,7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2021-08-30T17:53:37.000Z,0
CVE-2021-22023,https://securityvulnerability.io/vulnerability/CVE-2021-22023,Insecure Object Reference Vulnerability in vRealize Operations Manager API by VMware,"The vRealize Operations Manager API prior to version 8.5 is susceptible to an insecure object reference vulnerability.
This weakness allows an attacker with administrative access to potentially manipulate user information, leading to unauthorized account access and control. Organizations utilizing this API should promptly review their server configurations and implement the necessary updates to safeguard against unauthorized access.",Vmware,Vmware Vrealize Operations,7.2,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-08-30T17:53:35.000Z,0
CVE-2021-22022,https://securityvulnerability.io/vulnerability/CVE-2021-22022,Arbitrary File Read Vulnerability in vRealize Operations Manager by VMware,"The vRealize Operations Manager API prior to version 8.5 has a vulnerability that allows an authenticated attacker with administrative access to read any file on the server. This arbitrary file read vulnerability can lead to unauthorized access to sensitive information, making it crucial for users to upgrade to the latest version to mitigate the risk of information disclosure.",Vmware,Vmware Vrealize Operations,4.9,MEDIUM,0.0012400000123307109,false,,false,false,false,,,false,false,,2021-08-30T17:53:32.000Z,0
CVE-2021-21975,https://securityvulnerability.io/vulnerability/CVE-2021-21975,Server Side Request Forgery in vRealize Operations Manager API by VMware,"The vRealize Operations Manager API prior to version 8.4 is susceptible to a Server Side Request Forgery vulnerability, potentially allowing remote attackers with network access to manipulate the API. This exploitation could lead to unauthorized access to sensitive administrative credentials. Users are advised to update to the latest version to mitigate this risk fully.",Vmware,Vmware Vrealize Operations,7.5,HIGH,0.9723399877548218,true,2022-01-18T00:00:00.000Z,false,true,true,2021-04-10T12:36:07.000Z,true,false,false,,2021-03-31T17:51:51.000Z,0