CVE-2023-20864

CRITICAL NUCLEI

VMware Aria Operations for Logs < 8.12.0 - Insecure Deserialization

Title source: rule

Description

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

Nuclei Templates (1)

VMware Aria Operations for Logs - Unauthenticated Remote Code Execution
CRITICAL | VERIFIED | by rootxharsh, iamnoooob, pdresearch
Shodan: title:"vRealize Log Insight" || http.title:"vrealize log insight"
FOFA: title="vrealize log insight"

Scores

CVSS v3 9.8
EPSS 0.9293
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-502
Status published

Affected Products (2)

vmware/aria_operations_for_logs < 8.12.0
vmware/cloud_foundation < 4.5

Timeline

Published Apr 20, 2023
Tracked Since Feb 18, 2026