- 320/2024
- High
VMware has released security updatesto address multiple vulnerabilities affecting VMware Cloud Foundation and VMware Aria Operations.
The addressed vulnerabilities could allow the attacker to gain elevated privileges or conduct stored cross-site scripting attacks on the affected system.
Sample of the addressed vulnerabilities:
1. VMware Privilege Escalation Vulnerability (CVE-2024-38830):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. VMware Stored Cross-Site Scripting Vulnerability (CVE-2024-38832):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2024-38830
- CVE-2024-38831
- CVE-2024-38832
- CVE-2024-38833
- CVE-2024-38834
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.