Overview
- Description
- Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
- Source
- security@vmware.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "467CDF0E-DAEA-4972-98C7-7437C9B8F766",
"versionEndExcluding": "6.11.0",
"versionStartIncluding": "6.2.0"
}
],
"operator": "OR"
}
]
}
]