Vmware Vrealize Operations — known CVE vulnerabilities
Every CVE whose affected-product data names Vmware Vrealize Operations, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2016-7457 — CVSS 10.0 (critical): VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual…
CVE-2020-3943 — CVSS 9.8 (critical): vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely…
CVE-2023-20877 — CVSS 8.8 (high): VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform…
CVE-2023-20856 — CVSS 8.8 (high): VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on…
CVE-2022-31673 — CVSS 8.8 (high): VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can…
CVE-2020-3944 — CVSS 8.6 (high): vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading…
CVE-2016-7462 — CVSS 8.5 (high): The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content…
CVE-2022-31675 — CVSS 7.5 (high): VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be…
CVE-2020-3945 — CVSS 7.5 (high): vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability…
CVE-2022-31707 — CVSS 7.2 (high): vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the…
CVE-2022-31672 — CVSS 7.2 (high): VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate…
CVE-2023-20878 — CVSS 7.2 (high): VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary…
CVE-2023-20879 — CVSS 6.7 (medium): VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria…
CVE-2018-6978 — CVSS 6.7 (medium): vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege…
CVE-2022-31708 — CVSS 4.9 (medium): vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the…
CVE-2022-31682 — CVSS 4.9 (medium): VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read…
CVE-2022-31674 — CVSS 4.3 (medium): VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can…
CVE-2021-22033 — CVSS 2.7 (low): Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.