all InfoSec news
CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability
Cyber Exposure Alerts www.tenable.com
VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8.
Background
On April 20, VMware published an advisory (VMSA-2023-0007) to address two vulnerabilities in VMware Aria Operations for Logs, formerly known as vRealize Log Insight, a centralized log management solution.
CVE | Description | CVSSv3 | VPR* |
---|---|---|---|
CVE-2023-20864 | Deserialization Vulnerability in VMware Aria Operations for Logs | 9.8 | 8.4 |
CVE-2023-20865 | OS Command Injection in VMware Aria Operations … |
address advisory april aria critical cve cve-2023-20864 deserialization flaw flaws insight log logs operations score solution vmware vmware aria operations for logs vrealize vrealize log insight vulnerabilities vulnerability