CVE-2023-20864
First published: Thu Apr 20 2023(Updated: )
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Aria Operations for Logs | >=8.10.2<8.12.0 | |
| VMware Cloud Foundation | >=4.0<=4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-20864.
What is the severity level of CVE-2023-20864?
The severity level of CVE-2023-20864 is critical with a score of 9.8.
What is the affected software for CVE-2023-20864?
The affected software for CVE-2023-20864 are VMware Aria Operations for Logs versions 8.10.2 to 8.12.0 and VMware Cloud Foundation versions 4.0 to 4.5.
How does this vulnerability affect VMware Aria Operations for Logs?
This vulnerability allows an unauthenticated malicious actor with network access to VMware Aria Operations for Logs to execute arbitrary code as root.
Where can I find more information about CVE-2023-20864?
You can find more information about CVE-2023-20864 in the VMware Security Advisory VMSA-2023-0007 at the following link: https://www.vmware.com/security/advisories/VMSA-2023-0007.html.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware aria operations for logs
- version/vmware aria operations for logs/8.10.2
- canonical/vmware cloud foundation
- version/vmware cloud foundation/4.0
- version/vmware cloud foundation/4.5