VMSA-2023-0007 | VMware Aria Operations for Logs (formerly vRealize Log Insight)

By Lerpong Intaraworrapath | May 27th ,2023

Critical severity

Impacted Products

VMware Aria Operations for Logs (formerly vRealize Log Insight).

CVE(s)

CVE-2023-20864, CVE-2023-20865

Synopsis

VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)

Introduction

Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products

Response Matrix

ProductVersionRunning OnFixed VersionWorkaroundsAdditional Documentation
VMware Aria Operations for Logs (Operations for Logs)8.10.2, 8.10, 8.8.x,
8.6.x
Any8.12NoneKB91831
VMware Cloud Foundation (VMware Aria Operations for Logs)4.xAnyKB91865KB91865KB91831

Change Log

2023-04-20 VMSA-2023-0007

Initial security advisory

VMware Security Advisories

http://www.vmware.com/security/advisories

https://www.vmware.com/security/advisories/VMSA-2023-0007.html