Addressing Security Vulnerabilities CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240 and CVE-2024-22241 in VMware Aria Operations for Networks (Formerly vRealize Network Insight) Version 6.12.0
search cancel

Addressing Security Vulnerabilities CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240 and CVE-2024-22241 in VMware Aria Operations for Networks (Formerly vRealize Network Insight) Version 6.12.0

book

Article ID: 324469

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Symptoms:

Multiple vulnerabilities in Aria Operations for Networks were responsibly reported to VMware. Updates are available to remediate these vulnerabilities.

CVE-2024-22237:
Local Privilege Escalation vulnerability
 

CVE-2024-22238:
Cross Site Scripting Vulnerability

CVE-2024-22239:
Local Privilege Escalation vulnerability

CVE-2024-22240:
Local File Read vulnerability

CVE-2024-22241:
Cross Site Scripting vulnerability 


These vulnerabilities and their impacts on Aria Operations for Networks are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23681

 

 

Environment

VMware Aria Operations for Networks (formerly vRealize Network Insight) 6.x

Resolution

To mitigate the vulnerability, VMware highly recommends upgrading to Aria Operations for Networks version 6.12.0
For more details on refer to VMware Security Advisory (VMSA): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23681


 


Workaround:
None

Additional Information

Impact/Risks:
Aria Operations for Networks(Formerly vRealize Network Insight) 6.x

Powered by Wolken Software