All the vulnerabilites related to VMware - VMware Aria Operations
cve-2024-38833
Vulnerability from cvelistv5
Published
2024-11-26 11:54
Modified
2024-12-06 20:04
Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | VMware Aria Operations |
Version: 8.x |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:01:27.917179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T20:04:41.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a stored cross-site scripting vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations contains a stored cross-site scripting vulnerability.\u00a0A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:54:54.847Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored cross-site scripting vulnerability (CVE-2024-38833)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38833",
"datePublished": "2024-11-26T11:54:54.847Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-12-06T20:04:41.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38832
Vulnerability from cvelistv5
Published
2024-11-26 11:51
Modified
2024-12-06 20:03
Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | VMware Aria Operations |
Version: 8.x |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38832",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:01:33.938591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T20:03:26.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a stored cross-site scripting vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations contains a stored cross-site scripting vulnerability.\u00a0A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:51:39.551Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored cross-site scripting vulnerability (CVE-2024-38832)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38832",
"datePublished": "2024-11-26T11:51:39.551Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-12-06T20:03:26.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38831
Vulnerability from cvelistv5
Published
2024-11-26 11:50
Modified
2024-11-26 15:06
Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | VMware Aria Operations |
Version: 8.x |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aria_operations",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:05:03.311973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:06:18.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a local privilege escalation vulnerability.\u0026nbsp;\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to \u0026nbsp;a root user on the appliance running VMware Aria Operations."
}
],
"value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0\u00a0A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to \u00a0a root user on the appliance running VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:50:20.202Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation vulnerability (CVE-2024-38831)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38831",
"datePublished": "2024-11-26T11:50:20.202Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-11-26T15:06:18.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38834
Vulnerability from cvelistv5
Published
2024-11-26 11:56
Modified
2024-12-06 20:04
Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | VMware Aria Operations |
Version: 8.x |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:01:21.799680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T20:04:02.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a stored cross-site scripting vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations contains a stored cross-site scripting vulnerability.\u00a0A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:56:48.573Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored cross-site scripting vulnerability (CVE-2024-38834)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38834",
"datePublished": "2024-11-26T11:56:48.573Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-12-06T20:04:02.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38830
Vulnerability from cvelistv5
Published
2024-11-26 11:49
Modified
2024-11-26 11:49
Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | VMware Aria Operations |
Version: 8.x |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a local privilege escalation vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:49:16.781Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38830",
"datePublished": "2024-11-26T11:49:16.781Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-11-26T11:49:16.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}