CVE-2023-20865
7.2HIGH
Key Information
- Vendor
- Vmware
- Status
- VMware Aria Operations for Logs (formerly vRealize Log Insight)
- Vendor
- CVE Published:
- 20 April 2023
Summary
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
Affected Version(s)
VMware Aria Operations for Logs (formerly vRealize Log Insight) = VMware Aria Operations for Logs (formerly vRealize Log Insight) prior to 8.12
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database