CVE-2024-22241
published 2024-02-06CVE-2024-22241: Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the…
PriorityP430medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
37.85%
98.4th percentile
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | aria_operations_for_networks | 6.0.0 – 6.12.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VMware
VMware Aria Operations for Networks (Formerly vRealize Network Insight) updates address multiple vulnerabilities (CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241)
vendor_vmware·2024-02-06·CVSS 7.8
CVE-2024-22237 [HIGH] VMware Aria Operations for Networks (Formerly vRealize Network Insight) updates address multiple vulnerabilities (CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241)
VMSA-2024-0002: VMware Aria Operations for Networks (Formerly vRealize Network Insight) updates address multiple vulnerabilities (CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241)
Aria Operations for Networks contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
CVEs: CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241
Affected products: VMware Aria
GHSA
GHSA-xqc9-88mp-rfhw: Aria Operations for Networks contains a cross site scripting vulnerability
ghsa_unreviewed·2024-02-06
CVE-2024-22241 [MEDIUM] CWE-79 GHSA-xqc9-88mp-rfhw: Aria Operations for Networks contains a cross site scripting vulnerability
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-06
Published