CVE-2023-20864

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
vmwarearia_operations_for_logs
8.10.2 ≤
𝑥
< 8.12.0
vmwarecloud_foundation
4.0 ≤
𝑥
≤ 4.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
https://www.vmware.com/security/advisories/VMSA-2023-0007.html