Addressing Security Vulnerabilities CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240 and CVE-2024-22241 in VMware Aria Operations for Networks (Formerly vRealize Network Insight) Version 6.12.0

search cancel

Addressing Security Vulnerabilities CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240 and CVE-2024-22241 in VMware Aria Operations for Networks (Formerly vRealize Network Insight) Version 6.12.0

book

Article ID: 324469

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

Multiple vulnerabilities in Aria Operations for Networks were responsibly reported to VMware. Updates are available to remediate these vulnerabilities.

CVE-2024-22237:
Local Privilege Escalation vulnerability

CVE-2024-22238:
Cross Site Scripting Vulnerability

CVE-2024-22239:
Local Privilege Escalation vulnerability

CVE-2024-22240:
Local File Read vulnerability

CVE-2024-22241:
Cross Site Scripting vulnerability

These vulnerabilities and their impacts on Aria Operations for Networks are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:
https://www.vmware.com/security/advisories/VMSA-2024-0002.html

Environment

VMware Aria Operations for Networks (formerly vRealize Network Insight) 6.x

Resolution

To mitigate the vulnerability, VMware highly recommends upgrading to Aria Operations for Networks version 6.12.0
For more details on refer to VMware Security Advisory (VMSA): https://www.vmware.com/security/advisories/VMSA-2024-0002.html

Workaround:
None

Additional Information

Impact/Risks:
Aria Operations for Networks(Formerly vRealize Network Insight) 6.x

Feedback

thumb_up Yes

thumb_down No