- 26/2023
- Critical
VMware has released security updates to fix multiple vulnerabilities in VMware vRealize Log Insight.
The severity of the addressed vulnerabilities could allow the remote attacker to gain access, cause a denial of service attack, or obtain information from the affected systems.
Sample of the addressed vulnerabilities:
1. VMware vRealize Log Insight Broken Access Control Vulnerability (CVE-2022-31704):
• CVSS: 9.8
• Attack Vector: Network
• Attack Complexity: low
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
2. VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706):
• CVSS: 9.8
• Attack Vector: Network
• Attack Complexity: low
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
Vulnerabilities
- CVE-2022-31706
- CVE-2022-31704
- CVE-2022-31710
- CVE-2022-31711
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.