
=====================================================================

                           CERT-Renater

               Note d'Information No. 2025/VULN060

_____________________________________________________________________

DATE                : 31/01/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Aria Operations for Logs,
                     VMware Aria Operations versions prior to 8.18.3,
                     VMware Cloud Foundation.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329
_____________________________________________________________________

VMSA-2025-0003: VMware Aria Operations for Logs and VMware Aria
Operations updates address multiple vulnerabilities (CVE-2025-22218,
CVE-2025-22219, CVE-2025-22220, CVE-2025-22221 and CVE-2025-22222)


Product/Component:        VMware Aria Operations, VMware Aria Suite,
                          VMware Cloud Foundation
Notification Id:          25329
Last Updated:             30 January 2025
Initial Publication Date: 30 January 2025
Status:                   OPEN
Severity:                 HIGH

Advisory ID:        VMSA-2025-0003
Advisory Severity:  Important
CVSSv3 Range:       5.2-8.5

Synopsis:           VMware Aria Operations for Logs and VMware Aria
                    Operations updates address multiple vulnerabilities
                    (CVE-2025-22218, CVE-2025-22219, CVE-2025-22220,
                    CVE-2025-22221, CVE-2025-22222)

Issue date:         2025-01-30
Updated on:         2025-01-30
CVE(s):             CVE-2025-22218, CVE-2025-22219, CVE-2025-22220,
                    CVE-2025-22221, CVE-2025-22222

1. Impacted Products

    VMware Aria Operations for logs
    VMware Aria Operations
    VMware Cloud Foundation

2. Introduction

Multiple vulnerabilities in VMware Aria Operations for Logs and
VMware Aria Operations were privately reported to VMware. Patches
are available to remediate these vulnerabilities in the affected
VMware products.

3a.  VMware Aria Operations for Logs information disclosure
vulnerability (CVE-2025-22218)

Description:

VMware Aria Operations for Logs contains an information disclosure
vulnerability. VMware has evaluated the severity of this issue to be
in the Important severity range with a maximum CVSSv3 base score of
8.5.

Known Attack Vectors:

A malicious actor with View Only Admin permissions may be able to read
the credentials of a VMware product integrated with VMware Aria
Operations for Logs.

Resolution:
To remediate CVE-2025-22218, apply the patches listed in the 'Fixed
Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Maxime Escourbiac, Michelin CERT, Yassine
Bengana, Abicom from Michelin CERT and Quentin Ebel, Abicom from
Michelin CERT for reporting this issue to us.

Notes:
None.


3b.  VMware Aria Operations for Logs stored cross-site scripting
vulnerability (CVE-2025-22219)

Description:

VMware Aria Operations for Logs contains a stored cross-site scripting
vulnerability. VMware has evaluated the severity of this issue to be
in the Important severity range with a maximum CVSSv3 base score of
6.8.

Known Attack Vectors:

A malicious actor with non-administrative privileges may be able to
inject a malicious script (stored cross-site scripting) that may lead
to arbitrary operations being performed as the admin user.

Resolution:
To remediate CVE-2025-22219, apply the patches listed in the 'Fixed
Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Maxime Escourbiac, Michelin CERT, Yassine
Bengana, Abicom from Michelin CERT and Quentin Ebel, Abicom from
Michelin CERT for reporting this issue to us.

Notes:
None.

 
3c.  VMware Aria Operations for Logs broken access control
vulnerability (CVE-2025-22220)

Description:

VMware Aria Operations for Logs contains a privilege escalation
vulnerability. VMware has evaluated the severity of this issue to
be in the Moderate severity range with a maximum CVSSv3 base score
of 4.3.

Known Attack Vectors:

A malicious actor with non-administrative privileges and network
access to Aria Operations for Logs API may be able to perform
certain operations in the context of an admin user.


Resolution:
To remediate CVE-2025-22220, apply the patches listed in the
'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Maxime Escourbiac, Michelin CERT,
Yassine Bengana, Abicom from Michelin CERT and Quentin Ebel,
Abicom from Michelin CERT for reporting this issue to us.

Notes:
None.

3d.  VMware Aria Operations for Logs stored cross-site
scripting vulnerability (CVE-2025-22221)

Description:

VMware Aria Operations for Logs contains a stored cross-site
scripting vulnerability. VMware has evaluated the severity of
this issue to be in the Moderate severity range with a maximum
CVSSv3 base score of 5.2.

Known Attack Vectors:

A malicious actor with admin privileges to VMware Aria
Operations for Logs may be able to inject a malicious script
that could be executed in a victim's browser when performing
a delete action in the Agent Configuration.

Resolution:
To remediate CVE-2025-22221, apply the patches listed in the
'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Maxime Escourbiac, Michelin CERT,
Yassine Bengana, Abicom from Michelin CERT and Quentin Ebel,
Abicom from Michelin CERT for reporting this issue to us.

Notes:
None.

 
3e.  VMware Aria Operations information disclosure vulnerability
(CVE-2025-22222)

Description:

VMware Aria Operations contains an information disclosure
vulnerability. VMware has evaluated the severity of this issue to
be in the Important severity range with a maximum CVSSv3 base
score of 7.7.

Known Attack Vectors:

A malicious user with non-administrative privileges may exploit
this vulnerability to retrieve credentials for an outbound plugin
if a valid service credential ID is known.

Resolution:

To remediate CVE-2025-22222 apply the patches listed in the
'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank Maxime Escourbiac, Michelin CERT,
Yassine Bengana, Abicom from Michelin CERT and Quentin Ebel,
Abicom from Michelin CERT for reporting this issue to us.

Notes:

None.


Response Matrix:

Product:                  VMware Aria Operations for Logs
Version:                  8.x
Running On:               Any
CVE(s):                   CVE-2025-22218, CVE-2025-22219, CVE-2025-22220,
                          CVE-2025-22221
CVSSv3:                   8.5, 6.8, 4.3, 5.2
Severity:                 Important
Fixed versions:           8.18.3
Workarounds:              None
Additional Documentation: None

Product:                  VMware Aria Operations
Version:                  8.x
Running On:               Any
CVE(s):                   CVE-2025-22222
CVSSv3:                   7.7
Severity:                 Important
Fixed versions:           8.18.3
Workarounds:              None
Additional Documentation: None

Product:                  VMware Cloud Foundation
Version:                  5.x, 4.x
Running On:               Any
CVE(s):                   CVE-2025-22218, CVE-2025-22219, CVE-2025-22220,
                          CVE-2025-22221, CVE-2025-22222
CVSSv3:                   8.5, 6.8, 4.3, 5.2, 7.7
Severity:                 Important
Fixed versions:           KB92148
Workarounds:              None
Additional Documentation: None


4. References:

Fixed Version(s) and Release Notes:

Aria Operations for Logs 8.18.3

https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Aria%20Operations%20for%20Logs&displayGroup=VMware%20Aria%20Operations%20for%20Logs&release=8.18.3&os=&servicePk=527517&language=EN

https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations-for-logs/8-18/vmware-aria-operations-for-logs-8183-release-notes.html

Aria Operations 8.18.3

https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Aria%20Operations&displayGroup=VMware%20Aria%20Operations&release=8.18.3&os=&servicePk=527515&language=EN

https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8183-release-notes.html

 

Additional Documentation:

None.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22218

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22219

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22220

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22221

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22222

FIRST CVSSv3 Calculator:

CVE-2025-22218: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2025-22219: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVE-2025-22220: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVE-2025-22221: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

CVE-2025-22222: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N


5. Change Log:

2025-01-30: VMSA-2025-0003
Initial security advisory.


6. Contact:

E-mail: vmware.psirt@broadcom.com

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2025 Broadcom All rights reserved.


        
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
