By Lerpong Intaraworrapath | September 7th ,2023
![](https://ilerpong.com/wp-content/uploads/2023/09/hacker-1944688_1280.jpg)
The version of the VMware Aria Operations for Logs (previously VMware vRealize Log Insight) program running on the remote system is 8.10.2. As a result, it is vulnerable to a remote code execution vulnerability caused by dangerous deserialization. An unauthenticated, a threat actor with network access to VMware Aria Operations for Logs can exploit this to execute arbitrary code as root.
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
Solution
The issue has been fixed on VMware Aria Operations for Logs 8.12.
How can you update VMware Aria Operations for Logs from 8.10.2 to 8.12.0?
*In this article, we will upgrade a VMware Aria Operations for Logs cluster of three nodes.
1.Download the VMware Aria Operations for Logs version 8.12.0 update file.
- VMware Aria Operations for Logs 8.12 – Upgrade Package
- VMware-vRealize-Log-Insight-8.12.0-21696970.pak
- File size: 742.68 MB
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-12.29.31.png)
2.Take a snapshot of three nodes in VMware Aria Operations for Logs.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-12.10.01.png)
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-12.14.56.png)
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-12.19.15.png)
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-12.20.17.png)
3.Log in to VMware Aria Operations and navigate to “Configuration” and “Cluster“.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-11.43.45.png)
4.Select “UPGRADE CLUSTER“.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-12.41.58.png)
5.Cluster upgrade can only be performed when connected directly to the primary node.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-12.44.22.png)
6. You may navigate to “Configuration” and “Cluster” on the primary node, then click “UPGRADE CLUSTER” and choose an upgrade file..
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-12.54.35.png)
7.Click “UPGRADE“
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-13.02.04.png)
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-13.04.28.png)
8.Click “ACCEPT“.
![This image has an empty alt attribute; its file name is Screen-Shot-2566-09-05-at-13.05.09-1024x875.png](https://ilerpong.com/wp-content/uploads/2023/09/image.png)
9.Upgrade Log Insight is now progress. (Do not refresh or leave this page)
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-13.06.31.png)
10.One node of the VMware Aria Operations for Logs cluster has been successfully upgraded.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-15.46.48.png)
11.Log in to VMware Aria Operations for Logs master node to verify upgrade status.
- Node 1 has been completed.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-15.48.47.png)
- Node 2 has been completed.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-15.51.51.png)
- Node 3 has been completed.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-15.54.09.png)
12.VMware Aria Operations for Logs has been updated successfully
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-15.55.33.png)
13.Log in to VMware Aria Operations to verify the version.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-15.58.43.png)
14.Check the dashboard and additional integrations.
![](https://ilerpong.com/wp-content/uploads/2023/09/Screen-Shot-2566-09-05-at-16.25.09.png)
Reference
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
https://blogs.vmware.com/management/2023/04/whats-new-in-aria-operations-for-logs-8-12.html