VMSA-2023-0007:VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities.

VMware Tanzu Application Service

0 more products

23669

08 July 2023

18 April 2023

CLOSED

CRITICAL

7.2-9.8

CVE-2023-20864,CVE-2023-20865

VMSA-2023-0007.1
7.2-9.8
2023-04-20
2023-07-10
CVE-2023-20864, CVE-2023-20865
VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)
1. Impacted Products

VMware Aria Operations for Logs (formerly vRealize Log Insight)

2. Introduction

Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.

3a. VMware Aria Operations for Logs Deserialization Vulnerability (CVE-2023-20864)

Description

VMware Aria Operations for Logs contains a deserialization vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

Resolution

To remediate CVE-2023-20864 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

VMware has confirmed that exploit code for CVE-2023-20864 has been published.

Acknowledgements

VMware would like to thank Anonymous working with Trend Micro Zero Day Initiative for reporting this issue to us.

3b. VMware Aria Operations for Logs Command Injection Vulnerability (CVE-2023-20865)

Description

VMware Aria Operations for Logs contains a command injection vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

Known Attack Vectors

A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

Resolution

To remediate CVE-2023-20865 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Information

None.

Notes

None.

Acknowledgements

VMware would like to thank Y4er & MoonBack of 埃文科技 for reporting this vulnerability to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Aria Operations for Logs (Operations for Logs)
8.12
Any
CVE-2023-20864, CVE-2023-20865
N/A
N/A
Unaffected
None
VMware Aria Operations for Logs (Operations for Logs)
8.10.2
Any
CVE-2023-20864, CVE-2023-20865
9.8, 7.2
critical
None
VMware Aria Operations for Logs (Operations for Logs)
8.10
Any
CVE-2023-20864
N/A
N/A
Unaffected
None
VMware Aria Operations for Logs (Operations for Logs)
8.10
Any
CVE-2023-20865
important
None
VMware Aria Operations for Logs (Operations for Logs)
8.8.x
Any
CVE-2023-20864
N/A
N/A
Unaffected
None
VMware Aria Operations for Logs (Operations for Logs)
8.8.x
Any
CVE-2023-20865
important
None
VMware Aria Operations for Logs (Operations for Logs)
8.6.x
Any
CVE-2023-20864
N/A
N/A
Unaffected
None
VMware Aria Operations for Logs (Operations for Logs)
8.6.x
Any
CVE-2023-20865
important
None
VMware Cloud Foundation (VMware Aria Operations for Logs)
4.x
Any
CVE-2023-20864, CVE-2023-20865
9.8, 7.2
critical
4. References
5. Change Log

2023-04-20 VMSA-2023-0007

Initial security advisory.

2023-07-10 VMSA-2023-0007.1

Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-20864 has been published.

6. Contact

E-mail: [email protected]

PGP key at:

https://kb.vmware.com/kb/1055

VMware Security Advisories

http://www.vmware.com/security/advisories

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

 

Copyright 2023 VMware Inc. All rights reserved.