Deserialization Vulnerability in VMware Aria Operations for Logs
CVE-2023-34052
7.8HIGH
Key Information:
- Vendor
Vmware
- Vendor
- CVE Published:
- 20 October 2023
What is CVE-2023-34052?
VMware Aria Operations for Logs suffers from a deserialization vulnerability that can be exploited by an attacker with non-administrative access. This flaw allows a malicious actor to manipulate the data's deserialization process, potentially leading to authentication bypass, thereby compromising the integrity of user authentication and system security.
Affected Version(s)
VMware Aria Operations for Logs VMware Aria Operations for Logs 8.x, VMware Cloud Foundation (VMware Aria Operations for Logs) 5.x 4.x