The purpose of this article is to provide some additional information relating to VMSA-2023-0007.
In addition, please see KB 342206 (8.10 and older) and KB 315949 (8.12 and later) for details of a certificate issue that impacts all versions of VMware Aria Operations for Logs (formerly vRealize Log Insight).
This issue is resolved in the fixed version documented in the VMSA.
Who is affected?
Customers who have deployed the versions of VMware Aria Operations for Logs (formerly vRealize Log Insight) listed in the VMSA.
When do I need to act?
CVE-2023-20864 is a critical issue and should be patched immediately as per the instructions in the advisory.
It needs to be highlighted that only version 8.10.2 is impacted by this vulnerability (CVE-2023-20864).
Other versions of VMware Aria Operations for Logs (formerly vRealize Log Insight) are impacted by CVE-2023-20865, which has a lower CVSSv3 score of 7.2.
What should I do about the issue?
Upgrading to the fixed version will mitigate all of the security vulnerabilities and also resolve the certificate issue documented in KB 342206 (8.10 and older) and KB 315949 (8.12 and later).
What should I do to protect myself?
To fully protect yourself and your organization, VMware recommends upgrading to the fixed version as documented in the advisory.
There may be other protections available in your organization, depending on your security posture, defense-in-depth strategies, and configurations of virtual machines. All organizations must decide for themselves whether to rely on those protections.
I have feedback about the products and/or processes. How do I provide it to you?
VMware appreciates any and all feedback on our products and processes. Please contact your Account Executive, Solutions Engineer, or Technical Account Manager. They have processes for submitting feedback on your behalf.