Vmware Vrealize_operations
18 CVEs affecting Vmware Vrealize_operations. Latest disclosed: 2023-05-12. Critical: 2, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-7457 | Critical | 10.0 | 2016-12-29 | VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecif… |
CVE-2020-3943 | Critical | 9.8 | 2020-02-19 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthentic… |
CVE-2023-20877 | High | 8.8 | 2023-05-12 | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leadi… |
CVE-2023-20856 | High | 8.8 | 2023-02-01 | VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenti… |
CVE-2022-31673 | High | 8.8 | 2022-08-10 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps… |
CVE-2020-3944 | High | 8.6 | 2020-02-19 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication byp… |
CVE-2016-7462 | High | 8.5 | 2016-12-29 | The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename f… |
CVE-2022-31675 | High | 7.5 | 2022-08-10 | VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user… |
CVE-2020-3945 | High | 7.5 | 2020-02-19 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairi… |
CVE-2023-20878 | High | 7.2 | 2023-05-12 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt th… |
CVE-2022-31707 | High | 7.2 | 2022-12-16 | vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity rang… |
CVE-2022-31672 | High | 7.2 | 2022-08-10 | VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. |
CVE-2023-20879 | Medium | 6.7 | 2023-05-12 | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application… |
CVE-2018-6978 | Medium | 6.7 | 2018-12-18 | vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerabilit… |
CVE-2022-31708 | Medium | 4.9 | 2022-12-16 | vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity rang… |
CVE-2022-31682 | Medium | 4.9 | 2022-10-11 | VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files cont… |
CVE-2022-31674 | Medium | 4.3 | 2022-08-10 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lea… |
CVE-2021-22033 | Low | 2.7 | 2021-10-13 | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. |