Virtualization software vendor VMware on Tuesday released a high-severity bulletin with patches for at least five security defects in its Aria Operations product.
The company documented five distinct vulnerabilities in the cloud IT operations platform and warned that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks.
Here are the details from VMware’s VMSA-2024-0022 bulletin:
- CVE-2024-38830 – Local privilege escalation vulnerability (CVSS 7.8). Exploitable by actors with local administrative privileges to gain root access on the appliance.
- CVE-2024-38831 – Local privilege escalation vulnerability (CVSS 7.8). Enables malicious commands via properties file modifications, allowing privilege escalation to root.
- CVE-2024-38832 – Stored cross-site scripting vulnerability (CVSS 7.1). Allows script injection by users with editing access to views.
- CVE-2024-38833 – Stored cross-site scripting vulnerability (CVSS 6.8). Permits malicious script injection through email templates.
- CVE-2024-38834 – Stored cross-site scripting vulnerability (CVSS 6.5). Targets cloud provider editing functionality for script injection.
The company said the vulnerabilities affect VMware Aria Operations (version 8.x), and VMware Cloud Foundation (versions 4.x and 5.x utilizing Aria Operations).
Corporate users are urged to apply the available patches urgently, with VMware noting that there are no available workarounds.
VMware virtualization technology products have been a major target for advanced hacking groups. The CISA Known Exploited Vulnerabilities (KEV) catalog includes multiple entries for VMware defects, including at least one for VMware Aria Operations.