New to Germany? Avoid These Common Health Insurance Mistakes
Section: Health Insurance
Security Flaws Discovered in VMware Aria Operations
Fri 31st Jan, 2025
Broadcom has issued a warning regarding multiple security vulnerabilities in VMware Aria Operations for Logs and VMware Cloud Foundation, raising concerns over unauthorized access to sensitive information, including user credentials.
According to the security advisory, attackers can exploit these vulnerabilities to extract credentials stored within VMware Aria Operations for Logs, particularly affecting those with read-only administrative rights (CVE-2025-22218, CVSS 8.5, high risk). Additionally, non-administrative users may misuse an information leak to obtain credentials for plugins, provided they possess a valid service access ID (CVE-2025-22222, CVSS 7.7, high risk).
Further vulnerabilities identified include a Stored Cross-Site Scripting (XSS) flaw within VMware Operations for Logs, allowing attackers to inject malicious scripts capable of executing actions with administrative privileges (CVE-2025-22219, CVSS 6.8, medium risk). Another similar vulnerability permits those with admin rights to introduce scripts into the browsers of victims when they initiate a deletion operation within the agent configuration (CVE-2025-22221, CVSS 5.2, medium risk). Also, due to faulty permission checks, non-administrative accounts with network access to the Aria Operations for Logs API can perform certain tasks within the context of an admin user (CVE-2025-22220, CVSS 4.3, medium risk).
To address these vulnerabilities, VMware has released updates for VMware Aria Operations and VMware Aria Operations for Logs, specifically version 8.18.3. Moreover, updates for VMware Cloud Foundation versions 4.x and 5.x were made available on Thursday, deployable via the VMware Aria Suite Lifecycle Manager.
In recent developments, Broadcom had previously alerted VMware administrators about a critical SQL Injection vulnerability in the Avi Load Balancer that enabled attackers to execute unauthorized commands on the database.
New Research Reveals Gender Disparities in Fat Breakdown
Section: Health
India-Pakistan military conflict escalates amid strikes and counter strikes; major cricket tournament IPL suspended indefinitely
Section: News
Struggling with School Writing? Here's How to Get Help and Improve Your Essays
Section: Arts
Die Evolution des Medizintourismus: Wie Länder um Gesundheitsreisende konkurrieren
Section: Arts
South Korea Reports Ballistic Missile Launches from North Korea
Section: Politics
Are war clouds looming over India-Pakistan border?
Section: Politics
No let-up in outrage against Pakistan a week after Pahalgam terrorist attack
Section: News
Inside the Conclave: 10 Fascinating Facts About the Secretive Process to Elect a New Pope
Section: Politics
Public vs Private Health Insurance in Germany: What Young Foreign Professionals Need to Know
Section: Health Insurance
German Private Health Insurance
Health Insurance in Germany is compulsory and sometimes complicated, not to mention expensive. As an expat, you are required to navigate this landscape within weeks of arriving, so check our FAQ on PKV. For our guide on resources and access to agents who can give you a competitive quote, try our PKV Cost comparison tool.
Hospital and Clinic Directory
Germany is famous for its medical expertise and extensive number of hospitals and clinics. See this comprehensive directory of hospitals and clinics across the country, complete with links to their websites, addresses, contact info, and specializations/services.
Upcoming Events
Offene Wunde
Offene Wunde is a documentary theater piece about the attack at the Olympia Einkaufszentrum (OEZ) by Tunay Önder and Christine Umpfenbach. On July 22, 2016, a perpetrator motivated by racism killed nine young people from Munich: Armela, Can, Dijamant, Guiliano, Hüseyin, Roberto, Sabine, Selçuk,...
No comments yet. Be the first to comment!