GobyVuls/CVE-2023-20887.md

## VMware VRealize Network Insight resttosaasservlet Remote Command Execution Vulnerability (CVE-2023-20887)

|   **Vulnerability**  | **VMware VRealize Network Insight resttosaasservlet Remote Command Execution Vulnerability (CVE-2023-20887)**  |
| :----:   | :-----|
| **Chinese name**  | VMware VRealize Network Insight resttosaasservlet 远程命令执行漏洞（CVE-2023-20887） |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [title="VMware vRealize Network Insight" \|\| body="vneraapp/assets/fonts/bootstrap/glyphicons-halflings-regular" \|\| title="Operations for Networks"](https://en.fofa.info/result?qbase64=dGl0bGU9IlZNd2FyZSB2UmVhbGl6ZSBOZXR3b3JrIEluc2lnaHQiIHx8IGJvZHk9InZuZXJhYXBwL2Fzc2V0cy9mb250cy9ib290c3RyYXAvZ2x5cGhpY29ucy1oYWxmbGluZ3MtcmVndWxhciIgfHwgdGl0bGU9Ik9wZXJhdGlvbnMgZm9yIE5ldHdvcmtzIg%3D%3D) |
| **Number of assets affected**  | 32 |
| **Description**  | VMware Aria Operations is a unified, AI-driven autonomous IT operations management platform from VMware Inc. It is designed for private cloud, hybrid cloud, and multi-cloud environments.A security vulnerability exists in the /saas./resttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution. |
| **Impact** | A security vulnerability exists in the saasresttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution. |

![](https://github.com/jwy456829/Goby/blob/master/CVE-2023-20887.gif)