- 43/2024
- High
VMware has released a security update to address several vulnerabilities in the VMware Aria Operations for Networks (formerly vRealize Network Insight).
The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform cross-site scripting attacks on the affected system.
Sample of the addressed vulnerabilities:
1. VMware Aria Operations for Networks Privilege Escalation (CVE-2024-22237):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. VMware Aria Operations for Networks Cross-Site Scripting (CVE-2024-22238):
- CVSS: 6.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2024-22237
- CVE-2024-22238
- CVE-2024-22239
- CVE-2024-22240
- CVE-2024-22241
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.