Information Disclosure Vulnerability in VMware Aria Operations for Networks
CVE-2023-20889
7.5HIGH
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 7 June 2023
Summary
An information disclosure vulnerability exists within VMware Aria Operations for Networks, allowing a malicious actor with network access to exploit the system by executing command injection attacks. Successful exploitation can result in the unintentional exposure of sensitive information. It is crucial for organizations using this product to apply the necessary security patches and remain vigilant against potential network threats.
Affected Version(s)
Aria Operations for Networks (Formerly vRealize Network Insight) Aria Operations for Networks (Formerly vRealize Network Insight) 6.x
References
EPSS Score
24% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved