Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
References
Link | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2023-0012.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2023-06-07T14:18:41.771Z
Updated: 2023-06-07T14:18:41.771Z
Reserved: 2022-11-01T15:41:50.394Z
Link: CVE-2023-20888
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-07T15:15:09.263
Modified: 2023-06-14T19:10:16.743
Link: CVE-2023-20888
JSON object: View
Redhat Information
No data.
CWE