CVE-2024-22241

MEDIUM

Aria Operations for Networks - XSS

Title source: llm

Description

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.

References (1)

[Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2024-0002.html

Scores

CVSS v3 4.3

EPSS 0.0412

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Classification

CWE

CWE-79

Status published

Affected Products (1)

vmware/aria_operations_for_networks < 6.12.0

Timeline

Published Feb 06, 2024

Tracked Since Feb 18, 2026