CVE-2023-34052

2023-10-2004:11:45

vmware

www.cve.org

cve-2023-34052

authentication bypass

data deserialization

vmware

non-administrative access

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.5%

JSON

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware Aria Operations for Logs",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware Aria Operations for Logs 8.x, VMware Cloud Foundation (VMware Aria Operations for Logs) 5.x 4.x "
      }
    ]
  }
]

References

www.vmware.com/security/advisories/VMSA-2023-0021.html