PT-2023-2997 · Vmware · Vmware Aria Operations
Y4Er
·
Published
2023-05-11
·
Updated
2023-06-02
·
CVE-2023-20877
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMware Aria Operations (affected versions not specified)
Description
The issue is related to insufficient access control in VMware Aria Operations, allowing a remote attacker to execute arbitrary code and escalate privileges. An authenticated malicious user with ReadOnly privileges can perform code execution, leading to privilege escalation.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vmware Aria Operations