CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2023-34051
https://notcve.org/view.php?id=CVE-2023-34051
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. VMware Aria Operations for Logs contiene una vulnerabilidad de omisión de autenticación. Un actor malicioso no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede resultar en la ejecución remota de código. • https://github.com/horizon3ai/CVE-2023-34051 https://www.vmware.com/security/advisories/VMSA-2023-0021.html • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34052
https://notcve.org/view.php?id=CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass. VMware Aria Operations for Logs contiene una vulnerabilidad de deserialización. Un actor malintencionado con acceso no administrativo al sistema local puede desencadenar la deserialización de datos, lo que podría provocar una omisión de autenticación. • https://www.vmware.com/security/advisories/VMSA-2023-0021.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20865
https://notcve.org/view.php?id=CVE-2023-20865
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. • https://www.vmware.com/security/advisories/VMSA-2023-0007.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 14%CPEs: 2EXPL: 0CVE-2023-20864 – VMware Aria Operations for Logs Cluster Controller Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-20864
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Logs. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InternalClusterController class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.vmware.com/security/advisories/VMSA-2023-0007.html • CWE-502: Deserialization of Untrusted Data •