Описание
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:vmware:aria_operations_for_logs:4.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:aria_operations_for_logs:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:aria_operations_for_logs:8.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:aria_operations_for_logs:8.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:aria_operations_for_logs:8.10:*:*:*:*:*:*:*
cpe:2.3:a:vmware:aria_operations_for_logs:8.10.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:aria_operations_for_logs:8.12:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.57738
Средний
9.8 Critical
CVSS3
Дефекты
CWE-863
CWE-863
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
CVSS3: 8.1
fstec
больше 2 лет назад
Уязвимость инструмента для анализа сетевых журналов VMware Aria Operations for Logs, связанная с возможностью обхода аутентификации, позволяющая нарушителю выполнить произвольный код
EPSS
Процентиль: 98%
0.57738
Средний
9.8 Critical
CVSS3
Дефекты
CWE-863
CWE-863