CVE-2023-20888
8.8HIGH
Key Information
- Vendor
- Vmware
- Status
- Aria Operations for Networks (Formerly vRealize Network Insight)
- Vendor
- CVE Published:
- 7 June 2023
Badges
📰 News Worthy
Summary
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
Affected Version(s)
Aria Operations for Networks (Formerly vRealize Network Insight) = Aria Operations for Networks (Formerly vRealize Network Insight) 6.x
News Articles
EPSS Score
24% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
First article discovered by Help Net Security
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database1 News Article(s)