CVE-2023-34051 — Incorrect Authorization in Vmware Aria Operations FOR Logs

CWE-863 — Incorrect Authorization5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

57.7%

top 1.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Aria Operations FOR Logs Vmware Aria Operations FOR Logs

Timeline

PublishedOct 20

Latest updateOct 24

Description

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5vmware/vmware_aria_operations_for_logsVMware Aria Operations for Logs 8.x, VMware Cloud Foundation (VMware Aria Operations for Logs) 5.x 4.x

▶NVDvmware/aria_operations7 versions+6

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-ghvx-5v39-7hv5: VMware Aria Operations for Logs contains an authentication bypass vulnerability↗2023-10-20

▶

CVEList

CVE-2023-34051: VMware Aria Operations for Logs contains an authentication bypass vulnerability↗2023-10-20

▶

📋Vendor Advisories

VMware

VMware Aria Operations for Logs updates address multiple vulnerabilities. (CVE-2023-34051, CVE-2023-34052)↗2023-10-19

▶

🕵️Threat Intelligence

Bleepingcomputer

VMware warns admins of public exploit for vRealize RCE flaw↗2023-10-24

▶