Lucene search

[email protected]NVD:CVE-2023-34051

HistoryOct 20, 2023 - 5:15 a.m.

CVE-2023-34051

2023-10-2005:15:07

CWE-863

[email protected]

web.nvd.nist.gov

vmware

aria operations

authentication

bypass

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Affected configurations

NVD

Node

vmwarearia_operations_for_logsMatch4.0

vmwarearia_operations_for_logsMatch5.0

vmwarearia_operations_for_logsMatch8.6

vmwarearia_operations_for_logsMatch8.8

vmwarearia_operations_for_logsMatch8.10

vmwarearia_operations_for_logsMatch8.10.2

vmwarearia_operations_for_logsMatch8.12

References

www.vmware.com/security/advisories/VMSA-2023-0021.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for NVD:CVE-2023-34051

cvelist1 hivepro1 nessus1 prion1 cve1 githubexploit1 vmware1 thn1 avleonov1