all InfoSec news
VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865)
Help Net Security www.helpnetsecurity.com
VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management. About the vulnerabilities (CVE-2023-20864, CVE-2023-20865) CVE-2023-20864, a deserialization vulnerability, could be exploited by an unauthorized, malicious actor who has network access to VMware Aria Operations for Logs. This can result in the execution of arbitrary code as root. CVE-2023-20865 is a command injection vulnerability that allows a bad … More
The post …
access actor analysis aria bad cloud code command command injection cve cve-2023-20864 cve-2023-20865 deserialization don't miss enterprise exploited hot stuff injection insight log log analysis log management logs malicious management network network access operations result root security security holes security update solution vmware vmware aria operations for logs vrealize vrealize log insight vulnerabilities vulnerability