"VMware Warns of Exploit Available for Critical vRealize RCE Bug"
VMware has warned customers that exploit code for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps administrators manage terabytes of application and infrastructure logs in large environments, is now available. The flaw, tracked as CVE-2023-20864, is a deserialization vulnerability that was patched in April. It allows unauthenticated attackers to execute code remotely on unpatched appliances. Successful exploitation allows threat actors to execute arbitrary code as root following low-complexity attacks that do not require user interaction. This article continues to discuss the critical vulnerability in the VMware Aria Operations for Logs analysis tool for which exploit code is now available.
Bleeping Computer reports "VMware Warns of Exploit Available for Critical vRealize RCE Bug"