CVE-2023-34052

Summary

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.

Affected Software

VendorProductVersion RangeStatus
n/aVMware Aria Operations for LogsVMware Aria Operations for Logs 8.x, VMware Cloud Foundation (VMware Aria Operations for Logs) 5.x 4.xaffected

Weaknesses

  • Deserialization Vulnerability

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References