VMware Aria Operations flaws could enable remote attacks
Broadcom has fixed multiple security vulnerabilities in VMware Aria Operations, including a high-severity command injection vulnerability that could lead to remote code execution (CVE-2026-22719), a high-severity stored cross-site scripting (XSS) vulnerability (CVE-2026-22720), and a medium-severity privilege escalation vulnerability (CVE-2026-22721). Users are advised to update as soon as possible to reduce risk.

2026-2-24 15:2:3 Author: securityaffairs.com

Pierluigi Paganini February 24, 2026

Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution.

Broadcom has released security updates to address multiple vulnerabilities affecting VMware Aria Operations.

VMware Aria Operations is an IT operations management platform that helps organizations monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning, automated alerting, and cost analysis, giving IT teams greater visibility and control over infrastructure to ensure efficiency, reliability, and compliance.

The most severe of the flaws is a command injection vulnerability, tracked as CVE-2026-22719 (CVSS 8.1), which an unauthenticated attacker can exploit remotely.

“A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress,” reads the advisory.

This vulnerability was privately reported to Broadcom.

The company also addressed a high-severity stored cross-site scripting (XSS) flaw in Aria Operations, tracked as CVE-2026-22720 (CVSS score of 8.0).

A threat actor with privileges to create custom benchmarks can exploit the flaw to inject script that performs administrative actions in VMware Aria Operations.

The third vulnerability addressed by Broadcom is a medium-severity privilege escalation issue, tracked as CVE-2026-22721 (CVSS score of 6.2), that can be exploited to obtain administrative access.

VMware Cloud Foundation (v9.0.2.0), VMware vSphere Foundation (v9.0.2.0), and Aria Operations (v8.18.6) address the above issues. Customers are strongly urged to apply these updates promptly to protect systems, minimize the risk of compromise, and reduce exposure to potential attacks.

The company did not say whether any of these flaws has been exploited in attacks in the wild.





Source: https://securityaffairs.com/188445/security/vmware-aria-operations-flaws-could-enable-remote-attacks.html