CVE-2026-22719
VMware Aria Operations command injection vulnerability
In brief
VMware Aria Operations has a vulnerability that lets attackers run unauthorized commands on the system without logging in, potentially taking full control of the software during data migration processes.
Technical detail
This command injection vulnerability (CWE-77) in VMware Aria Operations can be exploited by an unauthenticated attacker during assisted data migration to execute arbitrary commands, resulting in remote code execution. The attack vector is the network, and exploitation requires the migration feature to be active.
Summary generated and translated by AI from the official description.
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.
To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.
Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
VMware · Telco Cloud Infrastructure
VMware · Telco Cloud Platform
VMware · VMware Aria Operations
VMware · VMware Cloud Foundation Operations
References
https://knowledge.broadcom.com/external/article/430349
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-22719