By Lerpong Intaraworrapath | May 27th ,2023
Critical severity
Impacted Products
VMware Aria Operations for Logs (formerly vRealize Log Insight).
CVE(s)
CVE-2023-20864, CVE-2023-20865
Synopsis
VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)
Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products
Response Matrix
| Product | Version | Running On | Fixed Version | Workarounds | Additional Documentation |
| VMware Aria Operations for Logs (Operations for Logs) | 8.10.2, 8.10, 8.8.x, 8.6.x | Any | 8.12 | None | KB91831 |
| VMware Cloud Foundation (VMware Aria Operations for Logs) | 4.x | Any | KB91865 | KB91865 | KB91831 |
Change Log
2023-04-20 VMSA-2023-0007
Initial security advisory
VMware Security Advisories
http://www.vmware.com/security/advisories
https://www.vmware.com/security/advisories/VMSA-2023-0007.html