VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711, in its vRealize Log Insight appliance. VRealize Log Insight is a log collection and analytics virtual appliance that enables administrators to collect, view, manage and analyze syslog data. Log Insight provides real-time monitoring of application logs, network traces, configuration files, messages and performance data.
The most severe flaws impacting the product are a Directory Traversal Vulnerability tracked as CVE-2022-31706 (CVSS score 9.8), and a broken access control vulnerability tracked as CVE-2022-31704 (CVSS score 9.8).
An unauthenticated, attacker can exploit one of the two flaws to inject files into the operating system of an impacted appliance which can result in remote code execution.
“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.” reads the advisory published by the virtualization giant.
The other flaws fixed by VMware are:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, VMWARE)
[adrotate banner=”5″]
[adrotate banner=”13″]
Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…
Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…
Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…
The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…
This website uses cookies.