CVE-2023-20888

High

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria…

vmware·CWE-502·Published 2023-06-07

CVSS

8.8

EPSS

0.83

KEV

Exploits

cve.orgen

282 chars

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

NVDen

282 chars

NVDes

311 chars

Aria Operations para Networks contiene una vulnerabilidad de deserialización autenticada. Un actor malintencionado con acceso de red a VMware Aria Operations para Networks y credenciales de rol de "member" válidas podría realizar un ataque de deserialización que dé como resultado la ejecución remota de código.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H