HIGH🇵🇱 Wersja polska

CVE-2023-20877

CVSS 8.8v3.1pub. 2023-05-12upd. 2025-01-27

VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • VMware Cloud Foundation

    APP
    Vmware
    4.0 – 4.5
  • VMware Vrealize Operations

    APP
    Vmware
    8.10.08.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCELPE
CWE
References

Related vulnerabilities

CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam produkt

VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process

CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam produkt

VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE

CVE-2024-37079CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Heap overflow w VMware vCenter Server via protokół DCERPC — RCE

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2021-22005CRITICAL9.8⚠ KEVten sam produkt

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...