Attackers Exploit VMware’s Aria Operations for Logs Vulnerability

Threat Level – Red | Vulnerability Report
Download PDF

A critical authentication bypass vulnerability (CVE-2023-34051) in VMware Aria Operations for Logs allows remote code execution with root privileges under certain conditions, raising concerns for compromised networks. The security patch attempted to address the issue by blocking Thrift ports but left other vulnerabilities unpatched, which attackers can bypass by spoofing their IP address.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox