{"id":11100,"date":"2026-03-04T10:04:20","date_gmt":"2026-03-04T10:04:20","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/03\/04\/cisa-warns-of-vmware-aria-operations-vulnerability-exploited-in-attacks\/"},"modified":"2026-03-04T10:04:20","modified_gmt":"2026-03-04T10:04:20","slug":"cisa-warns-of-vmware-aria-operations-vulnerability-exploited-in-attacks","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/03\/04\/cisa-warns-of-vmware-aria-operations-vulnerability-exploited-in-attacks\/","title":{"rendered":"CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks"},"content":{"rendered":"

CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A critical vulnerability affecting VMware Aria Operations has been added to the Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n

Broadcom recently issued a security advisory detailing a flaw that allows unauthenticated attackers to execute arbitrary commands.<\/a><\/p>\n

Organizations are urged to implement mitigations or discontinue use of the product if a fix is not possible.<\/p>\n

VMware Aria Operations Vulnerability<\/strong><\/h2>\n

VMware Aria Operations<\/a>, formerly known as vRealize Operations (vROps), is an IT operations management platform that monitors, manages, and optimizes data centers and cloud environments.<\/p>\n

The newly added vulnerability involves a command injection flaw<\/a> that can lead to remote code execution (RCE) during support-assisted product migrations.<\/p>\n

Because this vulnerability does not require authentication, it poses a significant risk to affected organizations.<\/p>\n

\n\n\n\n\n\n
CVE ID<\/th>\nDescription<\/th>\nCVSS Score<\/th>\nCWE<\/th>\nKnown Ransomware Use<\/th>\nAdded to KEV<\/th>\n<\/tr>\n<\/thead>\n
CVE-2026-22719<\/a><\/td>\nVMware Aria Operations command injection allowing remote code execution.<\/td>\nN\/A<\/td>\nCWE-77<\/td>\nUnknown<\/td>\nMarch 3, 2026<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

An attacker who successfully exploits this flaw could gain unauthorized access to the underlying system<\/a>, execute arbitrary commands, and potentially compromise the entire IT infrastructure.<\/p>\n

The issue was initially discovered and reported, leading Broadcom to release patches and mitigations.<\/p>\n

However, CISA has now confirmed that active exploitation<\/a> is occurring in the wild, prompting its addition to the KEV catalog.<\/p>\n

While CISA has confirmed active exploitation, details regarding the specific threat actors or campaigns leveraging this vulnerability remain undisclosed. It is currently unknown if this flaw has been used in ransomware attacks<\/a>.<\/p>\n

CISA\u2019s Binding Operational Directive (BOD) 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies address vulnerabilities listed in the KEV catalog within a specific timeframe.<\/p>\n

In this case, agencies have until March 24, 2026, to apply the necessary mitigations or discontinue use of the product if no mitigations are available.<\/p>\n

Organizations outside the federal government are also strongly encouraged to prioritize patching<\/a> <\/a>or applying vendor-recommended mitigations.<\/p>\n

Broadcom has provided instructions for mitigating the risk, and users should consult the official advisory for detailed guidance.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks A critical vulnerability affecting VMware Aria Operations has been added to the Known Exploited Vulnerabilities (KEV) catalog. Broadcom recently issued a security advisory detailing a flaw that allows unauthenticated attackers to execute arbitrary commands. Organizations are urged to implement mitigations or discontinue use of the […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,648],"tags":[130],"class_list":["post-11100","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11100"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=11100"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11100\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=11100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=11100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=11100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}