VMware Aria Operations Deserialization Vulnerability

  1. Current Security Vulnerability Reports
  2. Archive
  3. VMware Aria Operations Deserialization Vulnerability

VMware Aria Operations Deserialization Vulnerability

On May 01, 2023, a Vmware deserialization vulnerability has been released.

VMware Aria Operations Deserialization Vulnerability

According to the released report, VMware Aria Operations for Logs contains a deserialization vulnerability and unauthenticated, malicious actors with network access to VMware Aria Operations for Logs may possibly execute arbitrary code as root. ( CVE-2023-20864 )

Affected Systems

  • cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:* From (including) 8.10.2 Up to (excluding) 8.12.0
  • cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*From (including) 4.0 up to (excluding) 4.5

IoC’s

-

Recommended Solution(s)

Vmware recommends upgrading to the fixed version as documented in the advisory.

Mitigations

-

CVE / CWE

CVE-2023-20864

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.

Current Security Vulnerability Reports

Current Security Vulnerability Reports
SolarWinds Serv-U Remote Code Execution Vulnerability

21/07/2021
Current Security Vulnerability Reports
Microsoft Exchange Server Remote Code Execution Vulnerability-34473

21/07/2021
Current Security Vulnerability Reports
Microsoft Exchange Server Remote Code Execution Vulnerability-31206

21/07/2021
Current Security Vulnerability Reports
VMware VCenter Remote Code Execution Vulnerability

26/05/2021
Current Security Vulnerability Reports
Microsoft Exchange Server Remote Code Execution Vulnerabilities

14/04/2021
Current Security Vulnerability Reports
March 2021 Microsoft Exchange 0-Day Reports

03/03/2021
Current Security Vulnerability Reports
Spectre Vulnerability Exploitation

03/03/2021
Current Security Vulnerability Reports
Masslogger Phishing Campaign

19/02/2021
Current Security Vulnerability Reports
SolarWinds: Raindrop Malware

20/01/2021
Current Security Vulnerability Reports
SolarWinds Orion API Authentication Bypass Vulnerability

28/12/2020
Current Security Vulnerability Reports
SolarWinds Sunburst Attack Campaign

22/12/2020
Current Security Vulnerability Reports
StrongPity Watering Hole

07/07/2020
Current Security Vulnerability Reports
Microsoft SMBv3 Compression Vulnerability

11/03/2020
Current Security Vulnerability Reports
Critical Microsoft Vulnerability – March 2020

11/03/2020
Current Security Vulnerability Reports
MS Exchange Validation Key Remote Code Execution Vulnerability

28/02/2020
İSTANBUL

+90 216 504 53 30

+90 216 504 53 32

info@barikat.com.tr

Aydınevler Mahallesi,İsmet İnönü Cadddesi,Küçükyalı Ofis Park A Blok,No:20/1 Maltepe İstanbul

ANKARA

+90 312 235 44 41

+90 312 235 44 51

info@barikat.com.tr

Mustafa Kemal Mahallesi, Dumlupınar Bulvarı No:164, Kentpark Ofis, Kat:4 Daire:06 Çankaya, 06510 Ankara, Turkey

AMSTERDAM

+90 216 504 53 30

+90 216 504 53 32

info@barikatbv.com

Millenium Tower Floor 29, Radarweg 29 1045 XN Amsterdam, Netherlands

VULNERABILITY NEWSLETTER

You can register to our newsletter on the home page to be instantly informed about security vulnerabilities.

Barikat Cyber Security

© 2021 Barikat Cyber Security All rights reserved.