Is CVE-2023-20864 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vmware Aria Operations For Logs (Formerly Vrealize Log Insight)

CVE-2023-20864

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

EPSS: 0.930 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a Vmware Aria Operations For Logs (Formerly Vrealize Log Insight) — versions VMware Aria Operations for Logs (formerly vRealize Log Insight) 8.10.2

Public proof-of-concept exploits

Threekiii/CVE

References

www.vmware.com/security/advisories/VMSA-2023-0007.html

Frequently asked questions

What is CVE-2023-20864?: CVE-2023-20864 is a vulnerability in Vmware Aria Operations For Logs (Formerly Vrealize Log Insight). Published 2023-04-20.
Is CVE-2023-20864 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.