VMware vRealize Operations 8.6.0 Hotfix1

CPE Details

VMware vRealize Operations 8.6.0 Hotfix1
vmware
vrealize_operations
8.6.0
2023-06-01
15h30 +00:00
2023-07-21
19h59 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:vrealize_operations:8.6.0:hotfix1:*:*:*:*:*:*

Informations

Vendor

vmware

Product

vrealize_operations

Version

8.6.0

Update

hotfix1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-20877 2023-05-12 00h00 +00:00 VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
8.8
High
CVE-2023-20878 2023-05-12 00h00 +00:00 VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
7.2
High
CVE-2023-20879 2023-05-12 00h00 +00:00 VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
6.7
Medium
CVE-2023-20856 2023-02-01 00h00 +00:00 VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
8.8
High
CVE-2022-31707 2022-12-15 23h00 +00:00 vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
7.2
High
CVE-2022-31708 2022-12-15 23h00 +00:00 vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
4.9
Medium
CVE-2022-31682 2022-10-10 22h00 +00:00 VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
4.9
Medium
CVE-2022-31673 2022-08-09 18h19 +00:00 VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
8.8
High
CVE-2022-31674 2022-08-09 18h19 +00:00 VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
4.3
Medium
CVE-2022-31675 2022-08-09 18h19 +00:00 VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
7.5
High
CVE-2022-31672 2022-08-09 18h18 +00:00 VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
7.2
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.