all InfoSec news
CVE-2023-20864: Remote Code Execution in VMware Aria Operations for Logs
Zero Day Initiative - Blog www.zerodayinitiative.com
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Jonathan Lein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in VMware Aria Operations for Logs (formerly vRealize). This bug was originally submitted to the ZDI program by an anonymous researcher. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute …
aria blog post bug code code execution cve cve-2023-20864 logs micro operations program remote code remote code execution report research service team trend trend micro vmware vmware aria operations for logs vrealize vulnerability vulnerability research zdi