CVE-2022-31704

Published: Jan 26, 2023Modified: Apr 2, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

Affected (2)

Products: Vmware: Vrealize Log Insight

Vmware

1 product

Vrealize Log Insight

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Vmware Vrealize Log Insight	From 3.0 to 4.8
Vmware Vrealize Log Insight	From 8.0.0 to 8.10.2

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html

Source: security@vmware.com

https://www.vmware.com/security/advisories/VMSA-2023-0001.html

Source: security@vmware.com

PatchVendor Advisory

http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.vmware.com/security/advisories/VMSA-2023-0001.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://packetstorm.news/files/id/174606

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.