CVE-2023-20888 - OpenCVE

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Vrealize Network Insight

Configuration 1 [-]

cpe:2.3:a:vmware:vrealize_network_insight:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2023-0012.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2023-06-07T14:18:41.771Z

Updated: 2023-06-07T14:18:41.771Z

Reserved: 2022-11-01T15:41:50.394Z

Link: CVE-2023-20888

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-07T15:15:09.263

Modified: 2023-06-14T19:10:16.743

Link: CVE-2023-20888

JSON object: View

Redhat Information

No data.

CWE

CWE-502