Deserialization Vulnerability in VMware Aria Operations
CVE-2023-20878

7.2HIGH

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations (formerly Vrealize Operations)
Vendor: CVE Published:; 12 May 2023

What is CVE-2023-20878?

VMware Aria Operations is affected by a deserialization vulnerability that allows an authenticated attacker with administrative privileges to execute arbitrary commands. This exploit can potentially disrupt the normal operation of the system, leading to serious security implications. Users are advised to review the security advisory for necessary updates and mitigation strategies.

Affected Version(s)

VMware Aria Operations (formerly vRealize Operations) VMware Aria Operations prior to 8.12

References

https://www.vmware.com/security/advisories/VMSA-2023-0009...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2023
Vulnerability Reserved
Nov 1, 2022

Vmware

What is CVE-2023-20878?

Affected Version(s)

References

CVSS V3.1

Timeline