Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| VMware | VMware Aria Operations for Logs | unaffected |
|
Configuration 1 [-]
|
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2025-2677 | VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. |
Wed, 14 May 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Vmware
Vmware aria Operations For Logs Vmware cloud Foundation |
|
| CPEs | cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Vmware
Vmware aria Operations For Logs Vmware cloud Foundation |
Thu, 13 Mar 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 |
Wed, 12 Feb 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 30 Jan 2025 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. | |
| Title | VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22221) | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2025-03-13T13:45:16.580Z
Reserved: 2025-01-02T04:29:30.444Z
Link: CVE-2025-22221
Vulnrichment
Updated: 2025-02-12T19:44:56.496Z
NVD
Status : Analyzed
Published: 2025-01-30T16:15:31.257
Modified: 2025-05-14T16:47:14.977
Link: CVE-2025-22221
Redhat
No data.
OpenCVE Enrichment
No data.