Refine your search
4 vulnerabilities found for Aria Operations by VMware
CERTFR-2025-AVI-0832
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Cloud Foundation | Cloud Foundation versions 4.5.x avec vCenter versions 7.x antérieures à 7.0 U3w | ||
| VMware | Telco Cloud Platform | Telco Cloud Platform versions 5.x, 4.x, 3.x et 2.x sans les recommandations des articles KB411508 et KB411518 | ||
| VMware | NSX | NSX versions 4.2.2.x antérieures à 4.2.2.2 | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x et 2.x sans les recommandations des articles KB411508 et KB411518 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x antérieures à 5.2.2 | ||
| VMware | NSX | NSX versions 4.2.3.x antérieures à 4.2.3.1 | ||
| VMware | NSX | NSX-T versions 3.x antérieures à 3.2.4.3 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 9.x antérieures à 9.0.1.0 | ||
| VMware | vCenter Server | vCenter versions 7.x antérieures à 7.0 U3w | ||
| VMware | vSphere Foundation | vSphere Foundation versions 13.x antérieures à 13.0.5.0 | ||
| VMware | vCenter Server | vCenter versions 8.x antérieures à 8.0 U3g | ||
| VMware | Telco Cloud Platform | Telco Cloud Platform versions 5.x et 4.x avec Aria Operations versions 8.x antérieures à 8.18.5 | ||
| VMware | vSphere Foundation | vSphere Foundation versions 9.x antérieures à 9.0.1.0 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 13.x antérieures à 13.0.5.0 | ||
| VMware | VMware Tools | VMware Tools versions 13.x antérieures à 13.0.5 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x et 4.x sans les recommandations des articles KB92148 et KB88287 | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x et 2.x avec Aria Operations versions 8.x antérieures à 8.18.5 | ||
| VMware | NSX | NSX versions 4.0.x et 4.1.x antérieures à 4.1.2.7 | ||
| VMware | Aria Operations | Aria Operations versions 8.x antérieures à 8.18.5 | ||
| VMware | VMware Tools | VMware Tools versions 11.x et 12.x antérieures à 12.5.4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Foundation versions 4.5.x avec vCenter versions 7.x ant\u00e9rieures \u00e0 7.0 U3w",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Platform versions 5.x, 4.x, 3.x et 2.x sans les recommandations des articles KB411508 et KB411518",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NSX versions 4.2.2.x ant\u00e9rieures \u00e0 4.2.2.2",
"product": {
"name": "NSX",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 3.x et 2.x sans les recommandations des articles KB411508 et KB411518",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x ant\u00e9rieures \u00e0 5.2.2",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NSX versions 4.2.3.x ant\u00e9rieures \u00e0 4.2.3.1",
"product": {
"name": "NSX",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NSX-T versions 3.x ant\u00e9rieures \u00e0 3.2.4.3",
"product": {
"name": "NSX",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 9.x ant\u00e9rieures \u00e0 9.0.1.0",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter versions 7.x ant\u00e9rieures \u00e0 7.0 U3w",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vSphere Foundation versions 13.x ant\u00e9rieures \u00e0 13.0.5.0",
"product": {
"name": "vSphere Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter versions 8.x ant\u00e9rieures \u00e0 8.0 U3g",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Platform versions 5.x et 4.x avec Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.5",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vSphere Foundation versions 9.x ant\u00e9rieures \u00e0 9.0.1.0",
"product": {
"name": "vSphere Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 13.x ant\u00e9rieures \u00e0 13.0.5.0",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions 13.x ant\u00e9rieures \u00e0 13.0.5",
"product": {
"name": "VMware Tools",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x et 4.x sans les recommandations des articles KB92148 et KB88287",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 3.x et 2.x avec Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.5",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NSX versions 4.0.x et 4.1.x ant\u00e9rieures \u00e0 4.1.2.7",
"product": {
"name": "NSX",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.5",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5.4",
"product": {
"name": "VMware Tools",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41245"
},
{
"name": "CVE-2025-41252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41252"
},
{
"name": "CVE-2025-41251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41251"
},
{
"name": "CVE-2025-41246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41246"
},
{
"name": "CVE-2025-41244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
},
{
"name": "CVE-2025-41250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41250"
}
],
"initial_release_date": "2025-09-30T00:00:00",
"last_revision_date": "2025-09-30T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0832",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-09-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36149",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
},
{
"published_at": "2025-09-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36150",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
}
]
}
CERTFR-2025-AVI-0268
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits VMware. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Platform | Telco Cloud Platform versions antérieures à 8.18 HF 5 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x sans les derniers correctifs de sécurité | ||
| VMware | Aria Operations | Aria Operations versions 8.x antérieures à 8.18 HF 5 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.x sans les derniers correctifs de sécurité | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions antérieures à 8.18 HF 5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Platform versions ant\u00e9rieures \u00e0 8.18 HF 5",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18 HF 5",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions ant\u00e9rieures \u00e0 8.18 HF 5",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-22231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22231"
}
],
"initial_release_date": "2025-04-02T00:00:00",
"last_revision_date": "2025-04-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0268",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-02T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits VMware. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25541",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541"
}
]
}
CERTFR-2025-AVI-0085
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Aria Operations | VMware Aria Operations versions 8.x antérieures à 8.18.3 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 4.x et 5.x sans le correctif KB92148 | ||
| VMware | Aria Operations | VMware Aria Operations for logs versions 8.x antérieures à 8.18.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.3",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 4.x et 5.x sans le correctif KB92148",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Operations for logs versions 8.x ant\u00e9rieures \u00e0 8.18.3",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-22219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22219"
},
{
"name": "CVE-2025-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22218"
},
{
"name": "CVE-2025-22220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22220"
},
{
"name": "CVE-2025-22222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22222"
},
{
"name": "CVE-2025-22221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22221"
}
],
"initial_release_date": "2025-01-31T00:00:00",
"last_revision_date": "2025-01-31T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0085",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-01-30",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25329",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"
}
]
}
CERTFR-2024-AVI-1027
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans VMware Aria Operations. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Cloud Foundation | Cloud Foundation versions 5.x et 4.x avec Aria Operations versions antérieures à 8.18.2 | ||
| VMware | Aria Operations | Aria Operations versions 8.x antérieures à 8.18.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Foundation versions 5.x et 4.x avec Aria Operations versions ant\u00e9rieures \u00e0 8.18.2",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.2",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38833"
},
{
"name": "CVE-2024-38830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38830"
},
{
"name": "CVE-2024-38834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38834"
},
{
"name": "CVE-2024-38832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38832"
},
{
"name": "CVE-2024-38831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38831"
}
],
"initial_release_date": "2024-11-29T00:00:00",
"last_revision_date": "2024-11-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Aria Operations. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Aria Operations",
"vendor_advisories": [
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25199",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
]
}