CVE-2023-20864

EUVD-2023-25038
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
vmwarearia_operations_for_logs
8.10.2 ≤
𝑥
< 8.12.0
vmwarecloud_foundation
4.0 ≤
𝑥
≤ 4.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
https://www.vmware.com/security/advisories/VMSA-2023-0007.html