Severity
8.5HIGH
EPSS
1.7%
top 17.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 29
Latest updateMay 17
Description
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:HExploitability: 3.1 | Impact: 4.7