Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-1027
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans VMware Aria Operations. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Cloud Foundation | Cloud Foundation versions 5.x et 4.x avec Aria Operations versions antérieures à 8.18.2 | ||
| VMware | Aria Operations | Aria Operations versions 8.x antérieures à 8.18.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Foundation versions 5.x et 4.x avec Aria Operations versions ant\u00e9rieures \u00e0 8.18.2",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.2",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38833"
},
{
"name": "CVE-2024-38830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38830"
},
{
"name": "CVE-2024-38834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38834"
},
{
"name": "CVE-2024-38832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38832"
},
{
"name": "CVE-2024-38831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38831"
}
],
"initial_release_date": "2024-11-29T00:00:00",
"last_revision_date": "2024-11-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Aria Operations. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Aria Operations",
"vendor_advisories": [
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25199",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
]
}
CVE-2024-38834 (GCVE-0-2024-38834)
Vulnerability from cvelistv5
Published
2024-11-26 11:56
Modified
2024-12-06 20:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware Aria Operations |
Version: 8.x |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:01:21.799680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T20:04:02.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a stored cross-site scripting vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations contains a stored cross-site scripting vulnerability.\u00a0A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:56:48.573Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored cross-site scripting vulnerability (CVE-2024-38834)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38834",
"datePublished": "2024-11-26T11:56:48.573Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-12-06T20:04:02.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38832 (GCVE-0-2024-38832)
Vulnerability from cvelistv5
Published
2024-11-26 11:51
Modified
2024-12-06 20:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware Aria Operations |
Version: 8.x |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38832",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:01:33.938591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T20:03:26.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a stored cross-site scripting vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations contains a stored cross-site scripting vulnerability.\u00a0A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:51:39.551Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored cross-site scripting vulnerability (CVE-2024-38832)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38832",
"datePublished": "2024-11-26T11:51:39.551Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-12-06T20:03:26.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38833 (GCVE-0-2024-38833)
Vulnerability from cvelistv5
Published
2024-11-26 11:54
Modified
2024-12-06 20:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware Aria Operations |
Version: 8.x |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:01:27.917179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T20:04:41.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a stored cross-site scripting vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations contains a stored cross-site scripting vulnerability.\u00a0A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:54:54.847Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored cross-site scripting vulnerability (CVE-2024-38833)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38833",
"datePublished": "2024-11-26T11:54:54.847Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-12-06T20:04:41.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38830 (GCVE-0-2024-38830)
Vulnerability from cvelistv5
Published
2024-11-26 11:49
Modified
2025-02-10 22:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware Aria Operations |
Version: 8.x |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aria_operations",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:06:38.470450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T22:19:20.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a local privilege escalation vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:49:16.781Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38830",
"datePublished": "2024-11-26T11:49:16.781Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2025-02-10T22:19:20.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38831 (GCVE-0-2024-38831)
Vulnerability from cvelistv5
Published
2024-11-26 11:50
Modified
2024-11-26 15:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware Aria Operations |
Version: 8.x |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aria_operations",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:05:03.311973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:06:18.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Any"
],
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.2",
"status": "affected",
"version": "8.x",
"versionType": "proprietary"
}
]
}
],
"datePublic": "2024-11-26T11:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains a local privilege escalation vulnerability.\u0026nbsp;\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to \u0026nbsp;a root user on the appliance running VMware Aria Operations."
}
],
"value": "VMware Aria Operations contains a local privilege escalation vulnerability.\u00a0\u00a0A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to \u00a0a root user on the appliance running VMware Aria Operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:50:20.202Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation vulnerability (CVE-2024-38831)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38831",
"datePublished": "2024-11-26T11:50:20.202Z",
"dateReserved": "2024-06-19T22:32:07.790Z",
"dateUpdated": "2024-11-26T15:06:18.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…