VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865) | allinfosecnews.com

April 24, 2023, 11:18 a.m. | Helga Labus

Help Net Security www.helpnetsecurity.com

VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management. About the vulnerabilities (CVE-2023-20864, CVE-2023-20865) CVE-2023-20864, a deserialization vulnerability, could be exploited by an unauthorized, malicious actor who has network access to VMware Aria Operations for Logs. This can result in the execution of arbitrary code as root. CVE-2023-20865 is a command injection vulnerability that allows a bad … More →

The post …

access actor analysis aria bad cloud code command command injection cve cve-2023-20864 cve-2023-20865 deserialization don't miss enterprise exploited hot stuff injection insight log log analysis log management logs malicious management network network access operations result root security security holes security update solution vmware vmware aria operations for logs vrealize vrealize log insight vulnerabilities vulnerability

More from www.helpnetsecurity.com / Help Net Security

Most people still rely on memory or pen and paper for password management 2 days, 3 hours ago | www.helpnetsecurity.com

accounts australia authentication bitwarden +24

LSA Whisperer: Open-source tools for interacting with authentication packages 2 days, 3 hours ago | www.helpnetsecurity.com

authentication azuread cybersecurity github +16

What AI can tell organizations about their M&A risk 2 days, 4 hours ago | www.helpnetsecurity.com

acquisition adoption ai adoption amp +19

Breaking down the numbers: Cybersecurity funding activity recap 2 days, 4 hours ago | www.helpnetsecurity.com

10 million aim aim security alethea +55

New infosec products of the week: April 26, 2024 2 days, 5 hours ago | www.helpnetsecurity.com

april capabilities cyber cyberint +21

Net neutrality has been restored 2 days, 13 hours ago | www.helpnetsecurity.com

actions broadband communications consumers +24

Stellar Cyber and Acronis team up to provide optimized threat detection solutions for MSPs 2 days, 18 hours ago | www.helpnetsecurity.com

acronis aim and response cloud +22

Edgio Client-Side Protection enables organizations to secure critical customer data 2 days, 19 hours ago | www.helpnetsecurity.com

apis browser client client-side +26

IBM to buy HashiCorp in $6.4 billion cash deal, expanding cloud portfolio 2 days, 19 hours ago | www.helpnetsecurity.com

agreement capabilities cash cloud +18

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA

View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City

View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad

View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States

View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States

View on infosec-jobs.com