A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Multiple vulnerabilities affecting VMware Aria Operations for Networks (CVE-2023-34039, CVE-2023-20890)

Multiple vulnerabilities affecting VMware Aria Operations for Networks (CVE-2023-34039, CVE-2023-20890)

Advisory No: TZCERT/SA/2023/08/31

Date of First Release: 31st August 2023

Source: VMWARE

Software Affected:  VMware Aria Operations for Networks

Overview:

VMware has released patches to address critical security vulnerabilities affecting Aria Operations for Networks. These vulnerabilities could allow an attacker to take control of the affected system.

Description:

The authentication bypass and arbitrary file write vulnerabilities tracked by CVE-2023-34039 and CVE-2023-20890 resulted from the lack of unique cryptgraphic key generation and unlimited access allowing privileged users to insidiously write files to any chosen location respectively.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

VMware has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.vmware.com/security/advisories/VMSA-2023-0018.html
  2. https://vulcan.io/blog/how-to-fix-cve-2023-34039-cve-2023-20890-in-aria-operations/

Best free WordPress theme

Check Also

HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

Advisory No: TZCERT/SA/2024/04/19 Date of First Release: 19th April 2024 Source: Hewlett Packard Enterprise (HPE) …

DISCLAIMER |FAQ |CONTACT US
Tanzania Computer Emergency Response Team © Copyright 2024, All Rights Reserved.