From 0f263671d5536a8b3e8353830e62ef2d3e9c1204 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Sun, 25 Jun 2023 18:08:35 +0800 Subject: [PATCH] Create CVE-2023-20887.md add CVE-2023-20887 --- CVE-2023-20887.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 CVE-2023-20887.md diff --git a/CVE-2023-20887.md b/CVE-2023-20887.md new file mode 100644 index 0000000..1fea02d --- /dev/null +++ b/CVE-2023-20887.md 
@@ -0,0 +1,12 @@ +## VMware VRealize Network Insight resttosaasservlet Remote Command Execution Vulnerability (CVE-2023-20887) + +| **Vulnerability** | **VMware VRealize Network Insight resttosaasservlet Remote Command Execution Vulnerability (CVE-2023-20887)** | +| :----: | :-----| +| **Chinese name** | VMware VRealize Network Insight resttosaasservlet 远程命令执行漏洞(CVE-2023-20887) | +| **CVSS core** | 9.8 | +| **FOFA Query** (click to view the results directly)| [title="VMware vRealize Network Insight" \|\| body="vneraapp/assets/fonts/bootstrap/glyphicons-halflings-regular" \|\| title="Operations for Networks"](https://en.fofa.info/result?qbase64=dGl0bGU9IlZNd2FyZSB2UmVhbGl6ZSBOZXR3b3JrIEluc2lnaHQiIHx8IGJvZHk9InZuZXJhYXBwL2Fzc2V0cy9mb250cy9ib290c3RyYXAvZ2x5cGhpY29ucy1oYWxmbGluZ3MtcmVndWxhciIgfHwgdGl0bGU9Ik9wZXJhdGlvbnMgZm9yIE5ldHdvcmtzIg%3D%3D) | +| **Number of assets affected** | 32 | +| **Description** | VMware Aria Operations is a unified, AI-driven autonomous IT operations management platform from VMware Inc. It is designed for private cloud, hybrid cloud, and multi-cloud environments.A security vulnerability exists in the /saas./resttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution. | +| **Impact** | A security vulnerability exists in the saasresttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution. | + +![](https://github.com/jwy456829/Goby/blob/master/CVE-2023-20887.gif)
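Review bot: The Description and Impact rows name the affected component two different ways ("/saas./resttosaasservlet" and "saasresttosaasservlet"), so a reader cannot tell which string to match in proxy or access logs. Please settle on one spelling and use it in both rows. The Impact row also repeats the second sentence of the Description almost word for word. It would be more useful if it stated the consequence for the appliance instead. The table has no row for a fixed version, a mitigation or a link to the vendor advisory, which defenders would look for first in a 9.8-rated entry. Smaller points: "CVSS core" in the table should read "CVSS score", "environments.A" is missing a space, and the image on the last added line has empty alt text. The heading says "VRealize Network Insight" while the Description says "VMware Aria Operations" and "Aria Operations Networks 6.x", so a short note that these refer to the same product line would avoid confusion.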