VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)
1. Impacted Products
VMware Aria Operations for Logs (formerly vRealize Log Insight)
2. Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.
3a. VMware Aria Operations for Logs Deserialization Vulnerability (CVE-2023-20864)
Description
VMware Aria Operations for Logs contains a deserialization vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Known Attack Vectors
An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
Resolution
To remediate CVE-2023-20864, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.