Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in VMware Aria Operations for Logs
Alerts

Critical Vulnerability in VMware Aria Operations for Logs

21 April 2023

VMware has released security updates to address a critical vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs (formerly vRealize Log Insight). The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the deserialisation vulnerability could allow an unauthenticated attacker to execute arbitrary code as root.

Users and administrators of VMware Aria Operations for Logs (Operations for Logs) are advised to upgrade their software to version 8.12 immediately.

More information is available here:

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

https://securityonline.info/cve-2023-20864-critical-vulnerability-in-vmware-aria-operations-for-logs/

https://www.bleepingcomputer.com/news/security/vmware-fixes-vrealize-bug-that-let-attackers-run-code-as-root/

Back to top