CVE-2023-20865: Command Injection
First published: Thu Apr 20 2023(Updated: )
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Aria Operations for Logs | >=8.6.0<8.12.0 | |
| VMware Cloud Foundation | >=4.0<=4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-20865.
What is the title of the vulnerability?
The title of the vulnerability is 'VMware Aria Operations for Logs contains a command injection vulnerability'.
What is the description of the vulnerability?
The vulnerability allows a malicious actor with administrative privileges in VMware Aria Operations for Logs to execute arbitrary commands as root.
What is the affected software?
The affected software includes VMware Aria Operations for Logs (versions between 8.6.0 and 8.12.0) and VMware Cloud Foundation (versions between 4.0 and 4.5).
What is the severity of the vulnerability?
The severity of the vulnerability is high with a CVSS score of 7.2.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware aria operations for logs
- version/vmware aria operations for logs/8.6.0
- canonical/vmware cloud foundation
- version/vmware cloud foundation/4.0
- version/vmware cloud foundation/4.5