VMware Security Update

Published On: June 9, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team recommends VMware Aria Operations for Networks product users to install the new security update immediately.

On June 7, 2023, the VMware release an advisory documenting three critical vulnerabilities. One of the vulnerabilities is a command injection vulnerability that can be tracked as CVE-2023-20887. “A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution,” VMware said.

Also patched are an authenticated deserialization vulnerability CVE-2023-20888 that allows threat actors with network access and valid ‘member’ role credentials to launch a deserialization attack resulting in remote code execution.

The last vulnerability is an information disclosure flaw CVE-2023-20889 that allows threat actors with network access to VMware Aria Operations for Networks to perform command injection attacks that could results in the disclosure of sensitive data.

Here are VMware’s recommendations for remediation:

-CVE-2023-20887:  apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’.

-CVE-2023-20888: apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ .

-CVE-2023-20889: apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’.

Related Posts

  • June 13, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Adobe latest release of security updates. We recommend installing those updates immediately if you are using [...]

  • June 13, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version 126 immediately. The new update patches [...]

  • June 6, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team is reviewing latest disclosure of vulnerabilities by WordPress. There were 99 vulnerabilities discovered, including 82 WordPress plugin. [...]