{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-34051","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2023-05-25T17:21:56.203Z","datePublished":"2023-10-20T04:11:52.777Z","dateUpdated":"2025-05-02T18:30:37.399Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VMware Aria Operations for Logs","vendor":"n/a","versions":[{"status":"affected","version":"VMware Aria Operations for Logs 8.x, VMware Cloud Foundation (VMware Aria Operations for Logs) 5.x 4.x "}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations for Logs contains an authentication bypass vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.</span></span><br>"}],"value":"VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.\n"}],"problemTypes":[{"descriptions":[{"description":"Authentication Bypass Vulnerability","lang":"en"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2023-10-20T04:11:52.777Z"},"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2023-0021.html"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T16:01:52.417Z"},"title":"CVE Program Container","references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2023-0021.html","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-863","lang":"en","description":"CWE-863 Incorrect Authorization"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-23T13:26:59.723332Z","id":"CVE-2023-34051","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-02T18:30:37.399Z"}}]}}