Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:vmware:vrealize_log_insight:8.8.2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-31711 |
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. Published: January 26, 2023; 4:15:38 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2022-31710 |
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. Published: January 26, 2023; 4:15:38 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-31706 |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. Published: January 26, 2023; 4:15:37 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-31704 |
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. Published: January 26, 2023; 4:15:37 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-31703 |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. Published: December 14, 2022; 2:15:13 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2021-22035 |
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment. Published: October 13, 2021; 12:15:07 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |