VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution.
The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution.
Also patched by VMware is another deserialization vulnerability (CVE-2023-20888) that’s rated 9.1 out of a maximum of 10 on the CVSS scoring system.