VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management. About the vulnerabilities (CVE-2023-20864, CVE-2023-20865) CVE-2023-20864, a deserialization vulnerability, could be exploited by an unauthorized, malicious actor who has network access to VMware Aria Operations for Logs. This can result in the execution of arbitrary code as root. CVE-2023-20865 is a command injection vulnerability that allows a bad … More
The post VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865) appeared first on Help Net Security.