VMwareVMSA-2023-0012.2VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889)
3a. Aria Operations for Networks Command Injection Vulnerability (CVE-2023-20887)
Aria Operations for Networks contains a command injection vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8.
3b. Aria Operations for Networks Authenticated Deserialization Vulnerability (CVE-2023-20888)
Aria Operations for Networks contains an authenticated deserialization vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.1.
3c. Aria Operations for Networks Information Disclosure Vulnerability (CVE-2023-20889)
Aria Operations for Networks contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.8.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20888
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20889
kb.vmware.com/s/article/92684
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Related
