Aria Operations For Logs
CVE-2023-20865
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
AnalysisAI
VMware Aria Operations for Logs contains a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. Affected products include: Vmware Aria Operations For Logs, Vmware Cloud Foundation.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in Aria Operations For Logs
View allVMware Aria Operations for Logs contains a deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulne
VMware Aria Operations for Logs contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), thi
VMware Aria Operations for Logs contains a deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerabi
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.2), t
VMware Aria Operations for Logs contains a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vu
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.8),
VMware Aria Operations for Logs contains an information disclosure vulnerability. Rated high severity (CVSS 8.5), this v
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today