Support Content Notification - Support Portal

VMSA-2023-0007:VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities.

Product/Component

VMware Aria Suite

1 more products

Notification Id

23669

Last Updated

08 July 2023

Initial Publication Date

18 April 2023

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

7.2-9.8

WorkAround

Affected CVE

CVE-2023-20864,CVE-2023-20865

Advisory ID: VMSA-2023-0007.1

CVSSv3 Range: 7.2-9.8

Issue Date:2023-04-20

Updated On: 2023-07-10

CVE(s): CVE-2023-20864, CVE-2023-20865

Synopsis: VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)

1. Impacted Products

VMware Aria Operations for Logs (formerly vRealize Log Insight)

2. Introduction

Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.

3a. VMware Aria Operations for Logs Deserialization Vulnerability (CVE-2023-20864)

Description

VMware Aria Operations for Logs contains a deserialization vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

Resolution

To remediate CVE-2023-20864 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Documentation

None.

Notes

VMware has confirmed that exploit code for CVE-2023-20864 has been published.

Acknowledgements

VMware would like to thank Anonymous working with Trend Micro Zero Day Initiative for reporting this issue to us.

3b. VMware Aria Operations for Logs Command Injection Vulnerability (CVE-2023-20865)

Description

VMware Aria Operations for Logs contains a command injection vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2 .

Known Attack Vectors

A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

Resolution

To remediate CVE-2023-20865 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds

None.

Additional Information

None.

Notes

None.

Acknowledgements

VMware would like to thank Y4er & MoonBack of 埃文科技 for reporting this vulnerability to us.

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Aria Operations for Logs (Operations for Logs)	8.12	Any	CVE-2023-20864, CVE-2023-20865	N/A	N/A	Unaffected	None	KB91831
VMware Aria Operations for Logs (Operations for Logs)	8.10.2	Any	CVE-2023-20864, CVE-2023-20865	9.8, 7.2	critical	8.12	None	KB91831
VMware Aria Operations for Logs (Operations for Logs)	8.10	Any	CVE-2023-20864	N/A	N/A	Unaffected	None	KB91831
VMware Aria Operations for Logs (Operations for Logs)	8.10	Any	CVE-2023-20865	7.2	important	8.12	None	KB91831
VMware Aria Operations for Logs (Operations for Logs)	8.8.x	Any	CVE-2023-20864	N/A	N/A	Unaffected	None	KB91831
VMware Aria Operations for Logs (Operations for Logs)	8.8.x	Any	CVE-2023-20865	7.2	important	8.12	None	KB91831
VMware Aria Operations for Logs (Operations for Logs)	8.6.x	Any	CVE-2023-20864	N/A	N/A	Unaffected	None	KB91831
VMware Aria Operations for Logs (Operations for Logs)	8.6.x	Any	CVE-2023-20865	7.2	important	8.12	None	KB91831
VMware Cloud Foundation (VMware Aria Operations for Logs)	4.x	Any	CVE-2023-20864, CVE-2023-20865	9.8, 7.2	critical	KB91865	KB91865	KB91831