Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Vmware Subscribe
Filtered by product Vrealize Operations
Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20856 1 Vmware 1 Vrealize Operations 2023-02-07 N/A 8.8 HIGH
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
CVE-2022-31708 1 Vmware 1 Vrealize Operations 2022-12-21 N/A 4.9 MEDIUM
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
CVE-2022-31707 1 Vmware 1 Vrealize Operations 2022-12-21 N/A 7.2 HIGH
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
CVE-2022-31682 1 Vmware 1 Vrealize Operations 2022-10-13 N/A 4.9 MEDIUM
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
CVE-2022-31672 1 Vmware 1 Vrealize Operations 2022-08-15 N/A 7.2 HIGH
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
CVE-2022-31673 1 Vmware 1 Vrealize Operations 2022-08-15 N/A 8.8 HIGH
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
CVE-2022-31674 1 Vmware 1 Vrealize Operations 2022-08-15 N/A 4.3 MEDIUM
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
CVE-2022-31675 1 Vmware 1 Vrealize Operations 2022-08-15 N/A 7.5 HIGH
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
CVE-2021-22033 1 Vmware 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager 2021-10-19 4.0 MEDIUM 2.7 LOW
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
CVE-2020-3943 2 Microsoft, Vmware 2 Windows, Vrealize Operations 2021-07-21 7.5 HIGH 9.8 CRITICAL
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.
CVE-2020-3945 2 Microsoft, Vmware 2 Windows, Vrealize Operations 2021-07-21 5.0 MEDIUM 7.5 HIGH
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information
CVE-2020-3944 2 Microsoft, Vmware 2 Windows, Vrealize Operations 2020-02-26 5.0 MEDIUM 8.6 HIGH
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.
CVE-2018-6978 1 Vmware 1 Vrealize Operations 2019-10-02 7.2 HIGH 6.7 MEDIUM
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.
CVE-2016-7457 1 Vmware 1 Vrealize Operations 2017-07-29 8.0 HIGH 10.0 CRITICAL
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
CVE-2016-7462 1 Vmware 1 Vrealize Operations 2017-07-27 7.5 HIGH 8.5 HIGH
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.