QID 730799

Date Published: 2023-05-23

QID 730799: VMware Aria Operations Multiple Security Vulnerabilities (VMSA-2023-0009)

VMware has patched two vulnerabilities in its product VMware Aria Operations, formerly known as vRealize Operations Manager.
  • VMware Aria Operations Privilege Escalation Vulnerability (CVE-2023-20877)
  • VMware Aria Operations Deserialization Vulnerability (CVE-2023-20878)
  • VMware Aria Operations Local Privilege Escalation Vulnerability (CVE-2023-20879)
  • VMware Aria Operations Local Privilege Escalation Vulnerability (CVE-2023-20880)

Affected Versions:
VMware Aria Operations for Logs versions 8.6.x, 8.10

QID Detection Logic
This QID sends a GET request to ui/login.action and checks for a vulnerable version.

Successful exploitation of the vulnerability may allow an attacker to perform Local Privilege Escalation and/or exploit a Deserialization Vulnerability.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as High - 6.5 severity.

Solution
Customers are advised to upgrade to VMware Aria Operations version. For more information, please refer to VMSA-2023-0009.

Software Advisories
Advisory ID: VMSA-2023-0009
Link: www.vmware.com/security/advisories/VMSA-2023-0009.html