CVE-2023-20888

Aria Operations for Networks contains an authenticated deserialization vulnerability.A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
vmwarevrealize_network_insight
6.2.0 ≤
𝑥
≤ 6.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
https://www.vmware.com/security/advisories/VMSA-2023-0012.html