CVE-2023-34051

CRITICAL

VMware Aria Operations for Logs - RCE

Title source: llm

Description

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Exploits (1)

nomisec WORKING POC 61 stars
by horizon3ai · poc
https://github.com/horizon3ai/CVE-2023-34051

References (1)

Scores

CVSS v3 9.8
EPSS 0.5774
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-863
Status published

Affected Products (7)

vmware/aria_operations_for_logs
vmware/aria_operations_for_logs
vmware/aria_operations_for_logs
vmware/aria_operations_for_logs
vmware/aria_operations_for_logs
vmware/aria_operations_for_logs
vmware/aria_operations_for_logs

Timeline

Published Oct 20, 2023
Tracked Since Feb 18, 2026