VMware Patches Pre-Auth Code Execution Flaw in Logging Product


Powerhouse of virtualization technologies VMware’s enterprise-facing log analysis product still has serious security issues.The company issued a warning about the possibility of pre-authentication remote root exploits on Thursday in addition to shipping urgent updates to address severe security flaws in the VMware Aria Operations for Logs (formerly vRealize Log Insight) product line.

Two distinct vulnerabilities in the VMware Aria Operations for Logs package are listed as CVE-2023-20864 and CVE-2023-20865 in a critical-level advisory from VMware. The warning also offers recommendations to assist businesses fix the problems. The business stated in its documentation of the CVE-2023-20864 vulnerability that an unauthenticated, malicious actor with network access to VMware Aria Operations for Logs “might be able to execute arbitrary code as root.” The vulnerability has a severity rating of 9.8 out of 10.

Read More…