QID 378956

Date Published: 2023-10-24

QID 378956: VMware Aria Operations for Logs Multiple Security Vulnerabilities (VMSA-2023-0021)

VMware has patched two vulnerabilities in its product VMware Aria Operations for Logs, formerly known as vRealize Log Insight:
  • VMware Aria Operations for Logs contains an authentication bypass vulnerability (CVE-2023-34051).
  • VMware Aria Operations for Logs contains a deserialization vulnerability (CVE-2023-34052).

Affected Versions:
VMware Aria Operations for Logs versions prior to 8.14.

Note: This QID does not check for VMware Cloud Foundation.

QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of VMware Aria Operations for Logs Automation by fetching the version from /opt/vmware/etc/appliance-manifest.xml.

Successful exploitation of the vulnerability may allow an attacker to perform command injection and/or exploit a deserialization vulnerability.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Critical - 10 severity.

Solution:
Customers are advised to upgrade to VMware Aria Operations for Logs version 8.14 or later. For more information, please refer to VMSA-2023-0021.

CVEs related to QID 378956

Software Advisories
Advisory ID: VMSA-2023-0021
Link: www.vmware.com/security/advisories/VMSA-2023-0021.html