Critical Vulnerability in VMware Aria Operations for Logs

Published on 21 Apr 2023

VMware has released security updates to address a critical vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs (formerly vRealize Log Insight). The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the deserialisation vulnerability could allow an unauthenticated attacker to execute arbitrary code as root.

Users and administrators of VMware Aria Operations for Logs are advised to upgrade their software to version 8.12 immediately.

More information is available here:
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
https://securityonline.info/cve-2023-20864-critical-vulnerability-in-vmware-aria-operations-for-logs/
https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/