Vulnerability Description
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Aria Operations For Logs | >= 8.6.0, < 8.12.0 |
| Vmware | Cloud Foundation | >= 4.0, <= 4.5 |
Related Weaknesses (CWE)
References
- https://www.vmware.com/security/advisories/VMSA-2023-0007.htmlVendor Advisory
- https://www.vmware.com/security/advisories/VMSA-2023-0007.htmlVendor Advisory
FAQ
What is CVE-2023-20865?
CVE-2023-20865 is a vulnerability with a CVSS score of 7.2 (HIGH). VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
How severe is CVE-2023-20865?
CVE-2023-20865 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20865?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Aria Operations For Logs, Vmware Cloud Foundation.