Show filters
15 Total Results
Displaying 1-10 of 15
Sort by:
Attacker Value
Very High

CVE-2022-31706

Disclosure Date: January 26, 2023 (last updated October 08, 2023)
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
1
Attacker Value
Unknown

CVE-2022-31710

Disclosure Date: January 26, 2023 (last updated October 08, 2023)
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2022-31703

Disclosure Date: December 14, 2022 (last updated October 08, 2023)
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2022-31711

Disclosure Date: January 26, 2023 (last updated October 08, 2023)
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2022-31704

Disclosure Date: January 26, 2023 (last updated October 08, 2023)
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2022-31655

Disclosure Date: July 12, 2022 (last updated October 07, 2023)
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31654

Disclosure Date: July 12, 2022 (last updated October 07, 2023)
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-22035

Disclosure Date: October 13, 2021 (last updated November 28, 2024)
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-22021

Disclosure Date: August 30, 2021 (last updated November 28, 2024)
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-3954

Disclosure Date: April 15, 2020 (last updated February 21, 2025)
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  Next >