VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711, in its vRealize Log Insight appliance. vRealize Log Insight is a log collection and analytics virtual appliance that enables administrators to collect, view, manage and analyze syslog data. Log Insight provides real-time monitoring of application logs, network traces, configuration files, messages and performance data.
The most severe flaws impacting the product are a directory traversal vulnerability tracked as CVE-2022-31706 (CVSS score 9.8) and a broken access control vulnerability tracked as CVE-2022-31704 (CVSS score 9.8).
An unauthenticated attacker can exploit one of the two flaws to inject files into the operating system of an impacted appliance, which can result in remote code execution.
“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” reads the advisory published by the virtualization giant.
The other flaws fixed by VMware are:
(SecurityAffairs – hacking, VMWARE)