VMware’s Aria Operations Exposed to Multiple Vulnerabilities in Cloud Management


VMware’s Aria Operations Management Platform, previously known as vRealize, has been found to have several security vulnerabilities. The platform is used for the automated management of cloud resources. The vulnerabilities were discovered in versions 8.6 and 8.10 of Aria Operations and version 4 of VMware Cloud Foundation.

CVE-2023-20877, the most severe vulnerability with a CVSS score of 8.8/10, enables attackers with read access to Aria Operations to escalate their privileges and run their own code. The second vulnerability (CVE-2023-20879, CVSS score 6.7/10) and the third (CVE-2023-20880, CVSS score 6.4/10) allow a malicious administrator to gain root access to the operating system running Aria Operations.

The fourth vulnerability, CVE-2023-20878, with a CVSS score of 6.6/10, is a deserialization flaw that internal attackers can exploit to execute their own commands and disrupt the system.

Fortunately, VMware has already provided hotfixes for all vulnerabilities, with CVE-2023-20877 having the highest priority. VMware advises all users of the affected versions of Aria Operations and Cloud Foundation to update their systems as soon as possible with the provided hotfixes.

In conclusion, companies that use Aria Operations and Cloud Foundation management platforms should patch their systems immediately to mitigate the risks associated with these vulnerabilities. Failure to do so could lead to a data breach or financial loss.
