CVE-2023-20877

Published: May 12, 2023Modified: Jan 27, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.

Affected (12)

Products: Vmware: Cloud Foundation, Vrealize Operations

Vmware

2 products

Cloud Foundation

Vrealize Operations

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Vmware Cloud Foundation	From 4.0 to 4.5
Vmware Vrealize Operations	Version 8.10.0
Vmware Vrealize Operations	Version 8.10.0 hotfix1
Vmware Vrealize Operations	Version 8.10.0 hotfix2
Vmware Vrealize Operations	Version 8.6.0
Vmware Vrealize Operations	Version 8.6.0 hotfix1
Vmware Vrealize Operations	Version 8.6.0 hotfix2
Vmware Vrealize Operations	Version 8.6.0 hotfix4
Vmware Vrealize Operations	Version 8.6.0 hotfix5
Vmware Vrealize Operations	Version 8.6.0 hotfix6
Vmware Vrealize Operations	Version 8.6.0 hotfix8
Vmware Vrealize Operations	Version 8.6.0 hotfix9

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.vmware.com/security/advisories/VMSA-2023-0009.html

Source: security@vmware.com

Vendor Advisory

https://www.vmware.com/security/advisories/VMSA-2023-0009.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.