PT-2022-6670 · Vmware · Vmware Aria Operations For Networks
Sinsinology
·
Published
2022-11-01
·
Updated
2025-01-07
·
CVE-2023-20889
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMware Aria Operations for Networks (affected versions not specified)
Description
The issue is related to an information disclosure vulnerability in VMware Aria Operations for Networks. A malicious actor with network access could perform a command injection attack, resulting in information disclosure. The vulnerability is also associated with a lack of data sanitization measures at the management level, which could allow a remote attacker to gain unauthorized access to protected information and execute arbitrary commands.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vmware Aria Operations For Networks