Deserialization Vulnerability in VMware Aria Operations for Logs
CVE-2023-34052

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations For Logs
Vendor: CVE Published:; 20 October 2023

Summary

VMware Aria Operations for Logs suffers from a deserialization vulnerability that can be exploited by an attacker with non-administrative access. This flaw allows a malicious actor to manipulate the data's deserialization process, potentially leading to authentication bypass, thereby compromising the integrity of user authentication and system security.

Affected Version(s)

VMware Aria Operations for Logs VMware Aria Operations for Logs 8.x, VMware Cloud Foundation (VMware Aria Operations for Logs) 5.x 4.x

References

https://www.vmware.com/security/advisories/VMSA-2023-0021...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
May 25, 2023