VMware Aria Operations Flaws Exposed: A Threat of Remote Attacks

The world of cybersecurity is constantly evolving, with new vulnerabilities and threats emerging every day. Recently, security issues were discovered in VMware Aria Operations, a popular IT operations management platform used by organizations worldwide. Broadcom has released patches for multiple high-severity vulnerabilities that could enable remote attacks.

VMware Aria Operations is an essential tool for IT teams to monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning, automated alerting, and cost analysis, giving organizations greater visibility and control over their infrastructure. Because the platform has that visibility and control, a single vulnerability in it could be exploited to launch a devastating attack.

The most severe of the flaws is a command injection vulnerability, tracked as CVE-2026-22719 (CVSS score of 8.1). It allows an unauthenticated attacker to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. Customers should apply the patches immediately to protect their systems.

Another high-severity vulnerability is a stored cross-site scripting (XSS) flaw, tracked as CVE-2026-22720 (CVSS score of 8.0). It allows an attacker with privileges to create custom benchmarks to inject script and perform administrative actions in VMware Aria Operations. The issue is severe because it lets such an attacker gain control over the platform's functionality.

A third vulnerability discovered is a medium-severity privilege escalation issue, tracked as CVE-2026-22721 (CVSS score of 6.2). This allows an attacker to obtain administrative access by exploiting a vulnerability in VMware Cloud Foundation (v9.0.2.0), VMware vSphere Foundation (v9.0.2.0), and Aria Operations (v8.18.6). While this issue is less severe than the others, it still poses a significant threat to organizations that use these platforms.

It's worth noting that Broadcom did not report any exploitation of these vulnerabilities in real-world attacks. However, this lack of information does not diminish the importance of addressing these issues promptly. By applying the patches and updates released by Broadcom, customers can significantly reduce the risk of compromise and exposure to potential attacks.

In conclusion, the discovery of these vulnerabilities in VMware Aria Operations highlights the need for organizations to stay vigilant and proactive in protecting their systems against cyber threats. Regular security patching and monitoring are essential, especially for high-severity vulnerabilities that could enable remote attacks.

By staying informed about the latest security issues and updates, customers can take proactive steps to protect their organizations against emerging threats.