-5.1 C
New York
Sunday, February 2, 2025
HomeHacking
Hacking

Broadcom Patches VMware Aria Flaws – Exploits Could Result in Credential Theft

By codesanitize.com
0
1
Broadcom Patches VMware Aria Flaws – Exploits Could Result in Credential Theft


Jan 31, 2025Ravie LakshmananVulnerability / Knowledge Safety

Broadcom Patches VMware Aria Flaws – Exploits Could Result in Credential Theft

Broadcom has launched safety updates to patch 5 safety flaws impacting VMware Aria Operations and Aria Operations for Logs, warning prospects that attackers may exploit them to realize elevated entry or acquire delicate info.

The checklist of recognized flaws, which influence variations 8.x of the software program, is under –

  • CVE-2025-22218 (CVSS rating: 8.5) – A malicious actor with View Solely Admin permissions might be able to learn the credentials of a VMware product built-in with VMware Aria Operations for Logs
  • CVE-2025-22219 (CVSS rating: 6.8) – A malicious actor with non-administrative privileges might be able to inject a malicious script that will result in arbitrary operations as admin person by way of a saved cross-site scripting (XSS) assault
  • CVE-2025-22220 (CVSS rating: 4.3) – A malicious actor with non-administrative privileges and community entry to Aria Operations for Logs API might be able to carry out sure operations within the context of an admin person
  • CVE-2025-22221 (CVSS rating: 5.2) – A malicious actor with admin privileges to VMware Aria Operations for Logs might be able to inject a malicious script that might be executed in a sufferer’s browser when performing a delete motion within the Agent Configuration
  • CVE-2025-22222 (CVSS rating: 7.7) – A malicious person with non-administrative privileges might exploit this vulnerability to retrieve credentials for an outbound plugin if a sound service credential ID is thought
Cybersecurity

Safety researchers Maxime Escourbiac from Michelin CERT, and Yassine Bengana and Quentin Ebel from Abicom and a part of the Michelin CERT staff for detecting and reporting the failings. It is price noting that the identical staff noticed two different shortcomings in the identical product (CVE-2024-38832 and CVE-2024-38833) in late November 2024.

All of the aforementioned vulnerabilities have been patched in VMware Aria Operations and Aria Operations for Logs model 8.18.3. The virtualization providers supplier makes no point out of those points being exploited within the wild.

The advisory comes days after Broadcom warned of a high-severity safety flaw in VMware Avi Load Balancer (CVE-2025-22217, CVSS rating: 8.6) that might be weaponized by malicious actors to realize database entry.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we put up.



Previous articleNostalgic Cottage Type is the Cozy Pattern You’ll Fall For
Next articleConstructing a RQA System with DeepSeek R1 and Streamlit
codesanitize.comhttps://codesanitize.com

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Load more

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved