CVE-2024-38834: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject…

medium4.8CVSS 3.1

AVNACLPRHUIRSCCLILAN

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

Affected

3 ranges

Vendor	Product	Version range	Fixed in
vmware	aria_operations	>= 8.0 < 8.18.2	8.18.2
vmware	cloud_foundation	4.0 – 5.2	—
vmware	vmware_aria_operations	>= 8.x < 8.18.2	8.18.2