InfoSecBulletin Cybersecurity for mankind
VMware revealed several critical vulnerabilities in its Aria Operations product, with the most severe allowing attackers to gain root user privileges on affected systems.
The advisory, VMSA-2024-0022, released on November 26, 2024, addresses five distinct vulnerabilities:
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
CVE-2024-38831 is a local privilege escalation vulnerability with a CVSSv3 score of 7.8.
CVE-2024-38832 is a stored XSS vulnerability that has a CVSSv3 score of 7.1.
CVE-2024-38833 is a stored XSS vulnerability with a CVSSv3 score of 6.8.
CVE-2024-38834: A third stored XSS vulnerability with a CVSSv3 score of 6.5.
Stored XSS vulnerabilities (CVE-2024-38832, CVE-2024-38833, CVE-2024-38834) let attackers with editing permissions inject harmful scripts into views, email templates, and cloud provider settings. These scripts can run when other users access those parts of the application.
Vulnerabilities affect VMware Aria Operations versions 8.x up to 8.18.1, as well as VMware Cloud Foundation versions 4.x and 5.x that include it.
Patches Released:
VMware has issued patches for vulnerabilities, and users should update to version 8.18.2 of VMware Aria Operations to fix all five issues. Since there are no workarounds, it’s important for organizations to apply the patches promptly.
VMware has recognized several security researchers, including those from MoyunSec Vlab, Bing, and the Michelin CERT team, for responsibly reporting vulnerabilities.
