Description

Acunetix determined that the VMware Aria Operations for Networks is vulnerable to remote code execution attack.

Remediation

Upgrade to the latest version of VMware Aria Operations for Networks

References

VMSA-2023-0012.2

Related Vulnerabilities

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1005)

Squid Improper Encoding or Escaping of Output Vulnerability (CVE-2021-31806)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5908)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10379)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2034)

Severity

Critical

Classification

CVE-2023-20887 CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution Known Vulnerabilities