Aria Operations
CVE-2024-38831
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
AnalysisAI
VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. Affected products include: Vmware Aria Operations, Vmware Cloud Foundation.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in Aria Operations
View allVMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated
Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious s
VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnera
VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulne
VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulne
VMware Aria Operations contains a privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerabili
VMware Aria Operations contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.4), this vuln
Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileg
VMware Aria Operations contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vuln
VMware Aria Operations contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vuln
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.
VMware Aria Operations contains an information disclosure vulnerability. Rated high severity (CVSS 7.7), this vulnerabil
Same weakness CWE-77 – Command Injection
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today