Severity
High
Analysis Summary
CVE-2023-20889 CVSS:8.8
VMware Aria Operations for Networks could allow a remote authenticated attacker to obtain sensitive information. By performing a command injection attack, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-20888 CVSS:9.1
VMware Aria Operations for Networks could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a deserialization vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-20887 CVSS:9.8
VMware Aria Operations for Networks could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Code Execution
- Information Disclosure
- Command Execution
Indicators Of Compromise
CVE
- CVE-2023-20889
- CVE-2023-20888
- CVE-2023-20887
Affected Vendors
VMware
Affected Products
- VMware Aria Operations for Networks 6.0
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.