VMware VRealize Network Insight resttosaasservlet Remote Command Execution Vulnerability (CVE-2023-20887)
| Vulnerability | VMware VRealize Network Insight resttosaasservlet Remote Command Execution Vulnerability (CVE-2023-20887) |
|---|---|
| Chinese name | VMware VRealize Network Insight resttosaasservlet 远程命令执行漏洞(CVE-2023-20887) |
| CVSS core | 9.8 |
| FOFA Query (click to view the results directly) | title="VMware vRealize Network Insight" || body="vneraapp/assets/fonts/bootstrap/glyphicons-halflings-regular" || title="Operations for Networks" |
| Number of assets affected | 32 |
| Description | VMware Aria Operations is a unified, AI-driven autonomous IT operations management platform from VMware Inc. It is designed for private cloud, hybrid cloud, and multi-cloud environments.A security vulnerability exists in the /saas./resttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution. |
| Impact | A security vulnerability exists in the saasresttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution. |
