BleepingComputer reports that VMware has issued a fix for two security flaws in its vRealize Log Insight, which has been renamed to VMware Aria Operations for Logs. Threat actors could exploit the critical deserialization vulnerability, tracked as CVE-2023-20864, to facilitate arbitrary code execution, while the other flaw, tracked as CVE-2023-20865, could be leveraged to allow arbitrary command execution as root for attackers with administrative privileges.
Read full article on SC Magazine