Prioritizing Food Quality Over Carb or Fat Restrictions for Heart Health
Section: Health
Security Flaws Discovered in VMware Aria Operations
Fri 31st Jan, 2025
Broadcom has issued a warning regarding multiple security vulnerabilities in VMware Aria Operations for Logs and VMware Cloud Foundation, raising concerns over unauthorized access to sensitive information, including user credentials.
According to the security advisory, attackers can exploit these vulnerabilities to extract credentials stored within VMware Aria Operations for Logs, particularly affecting those with read-only administrative rights (CVE-2025-22218, CVSS 8.5, high risk). Additionally, non-administrative users may misuse an information leak to obtain credentials for plugins, provided they possess a valid service access ID (CVE-2025-22222, CVSS 7.7, high risk).
Further vulnerabilities identified include a Stored Cross-Site Scripting (XSS) flaw within VMware Operations for Logs, allowing attackers to inject malicious scripts capable of executing actions with administrative privileges (CVE-2025-22219, CVSS 6.8, medium risk). Another similar vulnerability permits those with admin rights to introduce scripts into the browsers of victims when they initiate a deletion operation within the agent configuration (CVE-2025-22221, CVSS 5.2, medium risk). Also, due to faulty permission checks, non-administrative accounts with network access to the Aria Operations for Logs API can perform certain tasks within the context of an admin user (CVE-2025-22220, CVSS 4.3, medium risk).
To address these vulnerabilities, VMware has released updates for VMware Aria Operations and VMware Aria Operations for Logs, specifically version 8.18.3. Moreover, updates for VMware Cloud Foundation versions 4.x and 5.x were made available on Thursday, deployable via the VMware Aria Suite Lifecycle Manager.
In recent developments, Broadcom had previously alerted VMware administrators about a critical SQL Injection vulnerability in the Avi Load Balancer that enabled attackers to execute unauthorized commands on the database.
The Part That Government Grants Play in Business Growth
Section: Arts
Innovative Mixed Reality Glasses Offer Hope for Individuals with Partial Vision Loss
Section: Health
The Power of Human Imagination beyond Artificial Intelligence
Section: Science
Nationwide Telecom Blackout Disrupts Spain's Major Networks
Section: News
From militant to president, has Syria's new leader Ahmed al-Sharaa gained legitimacy?
Section: News
New to Germany? Avoid These Common Health Insurance Mistakes
Section: Health Insurance
New Research Reveals Gender Disparities in Fat Breakdown
Section: Health
India-Pakistan military conflict escalates amid strikes and counter strikes; major cricket tournament IPL suspended indefinitely
Section: News
Struggling with School Writing? Here's How to Get Help and Improve Your Essays
Section: Arts
German Private Health Insurance
Health Insurance in Germany is compulsory and sometimes complicated, not to mention expensive. As an expat, you are required to navigate this landscape within weeks of arriving, so check our FAQ on PKV. For our guide on resources and access to agents who can give you a competitive quote, try our PKV Cost comparison tool.
Hospital and Clinic Directory
Germany is famous for its medical expertise and extensive number of hospitals and clinics. See this comprehensive directory of hospitals and clinics across the country, complete with links to their websites, addresses, contact info, and specializations/services.
Upcoming Events
Der Besuch der alten Dame
The granddaughter of Claire Zachanassian makes a return to Güllen, the impoverished hometown of her late grandmother, for a performance. Having never fully engaged with her grandmother's past, she is eager to finally discover Güllen. The sound of her last name stirs the entire town into action.
No comments yet. Be the first to comment!