Multiple vulnerabilities in VMware’s cloud management platform Aria Operations

VMware’s operations management platform, Aria Operations, contains several security vulnerabilities. Three vulnerabilities allow authenticated attackers to escalate their privileges, and a deserialization vulnerability allows a malicious admin to execute custom code.

Aria Operations, formerly vRealize, is used for the automated management of cloud resources. The most severe vulnerability (CVE-2023-20877, CVSS score 8.8/10) can be exploited by attackers with read access to Aria Operations to run their own code and elevate their privileges.

The second (CVE-2023-20879, CVSS 6.7/10) and third (CVE-2023-20880, CVSS 6.4/10) vulnerabilities allow malicious administrators to gain root access to the operating system running Aria Operations. Internal attackers can also use the deserialization vulnerability (CVE-2023-20878, CVSS 6.6/10) to execute their own commands and thus disrupt the system.

Version 4 of VMware Cloud Foundation and versions 8.6 and 8.10 of VMware Aria Operations are affected by the vulnerabilities. VMware has already provided hotfixes for all vulnerabilities.


(cku)
