VMware Aria Operations Stored XSS Vulnerability
CVE-2024-38832

6.4MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations
Vendor: CVE Published:; 26 November 2024

What is CVE-2024-38832?

VMware Aria Operations is affected by a stored cross-site scripting vulnerability that permits a malicious actor with editing access to views to inject harmful scripts. This flaw can compromise user data and session integrity, posing significant risks to application security. It is advised for users and administrators to review their access controls and apply any necessary patches to mitigate this vulnerability.

Affected Version(s)

VMware Aria Operations Any 8.x < 8.18.2

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Jun 19, 2024

Vmware

What is CVE-2024-38832?

Affected Version(s)

References

CVSS V3.1

Timeline