CVE-2023-20889

7.5HIGH

Key Information

Vendor: Vmware
Status: Aria Operations for Networks (Formerly vRealize Network Insight)
Vendor: CVE Published:; 7 June 2023

Summary

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

Affected Version(s)

Aria Operations for Networks (Formerly vRealize Network Insight) = Aria Operations for Networks (Formerly vRealize Network Insight) 6.x

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 7, 2023
Vulnerability Reserved.
Nov 1, 2022

Collectors

NVD DatabaseMitre Database