A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Multiple vulnerabilities affecting VMware Aria Operations for Networks (CVE-2023-34039, CVE-2023-20890)

Multiple vulnerabilities affecting VMware Aria Operations for Networks (CVE-2023-34039, CVE-2023-20890)

Advisory No: TZCERT/SA/2023/08/31

Date of First Release: 31st August 2023

Source: VMWARE

Software Affected:  VMware Aria Operations for Networks

Overview:

VMware has released patches to address critical security vulnerabilities affecting Aria Operations for Networks. These vulnerabilities could allow an attacker to take control of the affected system.

Description:

The authentication bypass and arbitrary file write vulnerabilities tracked by CVE-2023-34039 and CVE-2023-20890 resulted from the lack of unique cryptgraphic key generation and unlimited access allowing privileged users to insidiously write files to any chosen location respectively.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

VMware has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.vmware.com/security/advisories/VMSA-2023-0018.html
  2. https://vulcan.io/blog/how-to-fix-cve-2023-34039-cve-2023-20890-in-aria-operations/

Check Also

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6 Date of First Release: 17th May 2024 Source: IBM Software Affected: IBM …