VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloud_foundation | Vmware | 4.0 (including) | 4.5 (including) |
Vrealize_operations | Vmware | 8.6.0 (including) | 8.6.0 (including) |
Vrealize_operations | Vmware | 8.6.0-hotfix1 (including) | 8.6.0-hotfix1 (including) |
Vrealize_operations | Vmware | 8.6.0-hotfix2 (including) | 8.6.0-hotfix2 (including) |
Vrealize_operations | Vmware | 8.6.0-hotfix4 (including) | 8.6.0-hotfix4 (including) |
Vrealize_operations | Vmware | 8.6.0-hotfix5 (including) | 8.6.0-hotfix5 (including) |
Vrealize_operations | Vmware | 8.6.0-hotfix6 (including) | 8.6.0-hotfix6 (including) |
Vrealize_operations | Vmware | 8.6.0-hotfix8 (including) | 8.6.0-hotfix8 (including) |
Vrealize_operations | Vmware | 8.6.0-hotfix9 (including) | 8.6.0-hotfix9 (including) |
Vrealize_operations | Vmware | 8.10.0 (including) | 8.10.0 (including) |
Vrealize_operations | Vmware | 8.10.0-hotfix1 (including) | 8.10.0-hotfix1 (including) |
Vrealize_operations | Vmware | 8.10.0-hotfix2 (including) | 8.10.0-hotfix2 (including) |