Skip to main content

Vrealize Operations

18 CVEs product

Monthly

CVE-2023-20879 MEDIUM This Month

VMware Aria Operations contains a Local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Cloud Foundation Vrealize Operations
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20878 HIGH This Week

VMware Aria Operations contains a deserialization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Deserialization Cloud Foundation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-20877 HIGH This Week

VMware Aria Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE VMware Authentication Bypass Cloud Foundation +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-20856 HIGH This Week

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware CSRF Vrealize Operations
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-31708 MEDIUM PATCH This Month

vRealize Operations (vROps) contains a broken access control vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass VMware Vrealize Operations
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-31707 HIGH PATCH This Week

vRealize Operations (vROps) contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-31682 MEDIUM This Month

VMware Aria Operations contains an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Vrealize Operations
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-31675 HIGH PATCH This Week

VMware vRealize Operations contains an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Vrealize Operations
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31674 MEDIUM PATCH This Month

VMware vRealize Operations contains an information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Vrealize Operations
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-31673 HIGH PATCH This Week

VMware vRealize Operations contains an information disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Information Disclosure VMware Vrealize Operations
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-31672 HIGH PATCH This Week

VMware vRealize Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2021-22033 LOW PATCH Monitor

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Cloud Foundation Vrealize Operations Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2020-3945 HIGH PATCH This Week

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vrealize Operations
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-3944 HIGH This Week

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vrealize Operations
NVD
CVSS 3.1
8.6
EPSS
1.5%
CVE-2020-3943 CRITICAL Act Now

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Vrealize Operations
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2018-6978 MEDIUM PATCH This Month

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Vrealize Operations
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2016-7462 HIGH This Week

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Privilege Escalation VMware Vrealize Operations
NVD
CVSS 3.0
8.5
EPSS
1.7%
CVE-2016-7457 CRITICAL Act Now

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vrealize Operations
NVD
CVSS 3.0
10.0
EPSS
1.5%
EPSS 0% CVSS 6.7
MEDIUM This Month

VMware Aria Operations contains a Local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Cloud Foundation +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

VMware Aria Operations contains a deserialization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Deserialization Cloud Foundation +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

VMware Aria Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE VMware +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware CSRF Vrealize Operations
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

vRealize Operations (vROps) contains a broken access control vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass VMware Vrealize Operations
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

vRealize Operations (vROps) contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Vrealize Operations
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

VMware Aria Operations contains an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Vrealize Operations
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

VMware vRealize Operations contains an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Vrealize Operations
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

VMware vRealize Operations contains an information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Vrealize Operations
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

VMware vRealize Operations contains an information disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Information Disclosure VMware +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

VMware vRealize Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Vrealize Operations
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Cloud Foundation +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vrealize Operations
NVD
EPSS 1% CVSS 8.6
HIGH This Week

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vrealize Operations
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Vrealize Operations
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Vrealize Operations
NVD
EPSS 2% CVSS 8.5
HIGH This Week

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Privilege Escalation VMware +1
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vrealize Operations
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy