Quentin Ebel

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Logs (affected versions not specified) **Description** The issue is related to a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script, potentially leading to arbitrary operations as an admin user. This could allow a remote attacker to perform certain operations in the context of an administrator user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operation for Logs (affected versions not specified) **Description** The issue is related to a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. This could allow a remote attacker to inject and execute arbitrary code in the user's browser within the context of the vulnerable web site. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in VMware Aria Operations. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. The vulnerability is associated with a lack of protection for service data, which could allow a remote attacker to disclose protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Logs (affected versions not specified) **Description** The issue concerns an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Aria Operations for Logs (affected versions not specified) **Description** The issue is related to insecure privilege management in VMware Aria Operations for Logs, allowing a malicious actor with non-administrative privileges and network access to the Aria Operations for Logs API to perform certain operations in the context of an admin user. This is a result of a privilege escalation issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations (affected versions not specified) Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to views may be able to inject malicious script, leading to stored cross-site scripting in the product. This could allow a remote attacker to perform cross-site scripting attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations (affected versions not specified) Description: The issue is related to a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to email templates could inject malicious script, leading to stored cross-site scripting in the product. This could allow a remote attacker to perform cross-site scripting attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.