Primary

Context

VMware Aria Operations Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability allowing information disclosure has been identified in VMware Aria Operations. This issue arises from a malicious user with non-administrative privileges being able to retrieve credentials for an outbound plugin, provided they know a valid service credential ID. VMware has assigned a severity level of 'Important' to this vulnerability, with a CVSSv3 base score of 7.7.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive credentials for an outbound plugin, potentially allowing for further exploitation or unauthorized actions within the affected system.

Remediation

Users can upgrade to VMware Aria Operations version 8.18.3 to address this vulnerability. Instructions for downloading this version are available on the Broadcom Support website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VMware Aria Operations Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

VMware Aria Operations

VMware Aria Operations for Logs

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating