Privilege Escalation Vulnerability in VMware Aria Operations
CVE-2023-20880

6.7MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations (formerly Vrealize Operations)
Vendor: CVE Published:; 12 May 2023

Summary

VMware Aria Operations is impacted by a vulnerability that allows a malicious actor with administrative access to the localized system to gain elevated privileges to the root account. This flaw raises significant security concerns, as it permits unauthorized escalation of authority, potentially leading to further exploitation of the system.

Affected Version(s)

VMware Aria Operations (formerly vRealize Operations) VMware Aria Operations prior to 8.12

References

https://www.vmware.com/security/advisories/VMSA-2023-0009...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2023
Vulnerability Reserved
Nov 1, 2022