All the vulnerabilites related to vmware - vrealize_log_insight
cve-2016-2082
Vulnerability from cvelistv5
Published
2016-07-03 01:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2016-0008.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036078 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"name": "1036078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"name": "1036078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"name": "1036078",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2082",
"datePublished": "2016-07-03T01:00:00",
"dateReserved": "2016-01-26T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31654
Vulnerability from cvelistv5
Published
2022-07-12 20:43
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2022-0019.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vRealize Log Insight |
Version: VMware vRealize Log Insight prior to 8.8.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:43:09",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31654",
"datePublished": "2022-07-12T20:43:09",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31655
Vulnerability from cvelistv5
Published
2022-07-12 20:44
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2022-0019.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vRealize Log Insight |
Version: VMware vRealize Log Insight prior to 8.8.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:44:46",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31655",
"datePublished": "2022-07-12T20:44:46",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31703
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | vRealize Log Insight (vRLI) |
Version: vRealize Log Insight 8.10.1 and prior |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Directory Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31703",
"datePublished": "2022-12-14T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22035
Vulnerability from cvelistv5
Published
2021-10-13 15:50
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vRealize Log Insight |
Version: VMware vRealize Log Insight (8.x prior to 8.6) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV injection vulnerability in Log Insight",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T15:50:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV injection vulnerability in Log Insight"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22035",
"datePublished": "2021-10-13T15:50:54",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6980
Vulnerability from cvelistv5
Published
2018-11-13 22:00
Modified
2024-08-05 06:17
Severity ?
EPSS score ?
Summary
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2018-0028.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105925 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | VMware vRealize Log Insight |
Version: VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html"
},
{
"name": "105925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T10:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html"
},
{
"name": "105925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2018-6980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html"
},
{
"name": "105925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6980",
"datePublished": "2018-11-13T22:00:00",
"dateReserved": "2018-02-14T00:00:00",
"dateUpdated": "2024-08-05T06:17:17.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22021
Vulnerability from cvelistv5
Published
2021-08-30 18:06
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0019.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vRealize Log Insight |
Version: VMware vRealize Log Insight (8.x prior to 8.4) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight (8.x prior to 8.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS) vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T18:06:13",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight (8.x prior to 8.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22021",
"datePublished": "2021-08-30T18:06:13",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3953
Vulnerability from cvelistv5
Published
2020-04-15 17:20
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0007.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vRealize Log Insight |
Version: VMware vRealize Log Insight prior to 8.1.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T17:20:09",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3953",
"datePublished": "2020-04-15T17:20:09",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31704
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | vRealize Log Insight (vRLI) |
Version: vRealize Log Insight 8.10.1 and prior |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight broken access control Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:41.000443",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31704",
"datePublished": "2023-01-25T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31711
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | vRealize Log Insight (vRLI) |
Version: vRealize Log Insight 8.10.1 and prior |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Information Disclosure Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:39.555312",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31711",
"datePublished": "2023-01-25T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31710
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | vRealize Log Insight (vRLI) |
Version: vRealize Log Insight 8.10.1 and prior |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Deserialization Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31710",
"datePublished": "2023-01-25T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31706
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | vRealize Log Insight (vRLI) |
Version: vRealize Log Insight 8.10.1 and prior |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Directory Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:38.043240",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31706",
"datePublished": "2023-01-25T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5332
Vulnerability from cvelistv5
Published
2016-08-31 01:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036619 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vmware.com/security/advisories/VMSA-2016-0011.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92448 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:57.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036619",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036619"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0011.html"
},
{
"name": "92448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036619",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036619"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0011.html"
},
{
"name": "92448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036619",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036619"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0011.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0011.html"
},
{
"name": "92448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5332",
"datePublished": "2016-08-31T01:00:00",
"dateReserved": "2016-06-07T00:00:00",
"dateUpdated": "2024-08-06T01:00:57.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3954
Vulnerability from cvelistv5
Published
2020-04-15 17:17
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0007.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vRealize Log Insight |
Version: VMware vRealize Log Insight prior to 8.1.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T17:17:17",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3954",
"datePublished": "2020-04-15T17:17:17",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2081
Vulnerability from cvelistv5
Published
2016-07-03 01:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2016-0008.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036078 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"name": "1036078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"name": "1036078",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"name": "1036078",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2081",
"datePublished": "2016-07-03T01:00:00",
"dateReserved": "2016-01-26T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2024-11-21 07:05
Severity ?
Summary
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661",
"versionEndIncluding": "4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D",
"versionEndExcluding": "8.10.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution."
},
{
"lang": "es",
"value": "vRealize Log Insight contiene una vulnerabilidad de control de acceso roto. Un actor malintencionado no autenticado puede inyectar c\u00f3digo de forma remota en archivos confidenciales de un dispositivo afectado, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo.\n"
}
],
"id": "CVE-2022-31704",
"lastModified": "2024-11-21T07:05:10.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-26T21:15:37.320",
"references": [
{
"source": "security@vmware.com",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2024-11-21 07:05
Severity ?
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661",
"versionEndIncluding": "4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D",
"versionEndExcluding": "8.10.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
},
{
"lang": "es",
"value": "vRealize Log Insight contiene una vulnerabilidad de Directory Traversal. Un actor malintencionado no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo.\n"
}
],
"id": "CVE-2022-31706",
"lastModified": "2024-11-21T07:05:10.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-26T21:15:37.610",
"references": [
{
"source": "security@vmware.com",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 21:15
Modified
2024-11-21 07:05
Severity ?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "735632D7-30EB-43F2-94D8-B733109DF763",
"versionEndExcluding": "8.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight en versiones anteriores a 8.8.2, contienen una vulnerabilidad de tipo cross-site scriptings almacenado debido a un saneo de entrada inapropiado en las configuraciones"
}
],
"id": "CVE-2022-31654",
"lastModified": "2024-11-21T07:05:03.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T21:15:10.257",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 18:15
Modified
2024-11-21 05:32
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B2D584-D67D-42EE-86D3-F6C9386F5899",
"versionEndExcluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobaci\u00f3n de entrada inapropiada."
}
],
"id": "CVE-2020-3953",
"lastModified": "2024-11-21T05:32:01.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T18:15:15.520",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 19:15
Modified
2024-11-21 07:05
Severity ?
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "729C09FE-9824-4C13-990B-E51800B6329B",
"versionEndIncluding": "8.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
},
{
"lang": "es",
"value": "vRealize Log Insight contiene una vulnerabilidad de directory traversal. Un actor malicioso no autenticado puede inyectar archivos en el Sistema Operativo de un dispositivo afectado, lo que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2022-31703",
"lastModified": "2024-11-21T07:05:10.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T19:15:13.123",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Not Applicable"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 21:15
Modified
2024-11-21 07:05
Severity ?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "735632D7-30EB-43F2-94D8-B733109DF763",
"versionEndExcluding": "8.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight en versiones anteriores a la 8.8.2 contienen una vulnerabilidad de tipo cross-site scripting almacenado debido a una saneo de entrada inapropiado en las alertas"
}
],
"id": "CVE-2022-31655",
"lastModified": "2024-11-21T07:05:03.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T21:15:10.307",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-13 16:15
Modified
2024-11-21 05:49
Severity ?
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0022.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0022.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_suite_lifecycle_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67763E17-BABE-4A25-95BC-2B5F1666705C",
"versionEndIncluding": "4.3.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BECE8925-3981-4FB9-979E-CDFC1A55A13F",
"versionEndExcluding": "8.60",
"versionStartExcluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61B2C07D-4AD4-458B-86CA-FB2CA45A8EA7",
"versionEndIncluding": "8.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight (versiones 8.x anteriores a 8.6) contienen una vulnerabilidad de inyecci\u00f3n de CSV (Valores Separados por Comas) en la funci\u00f3n interactive analytics export. Un actor malicioso autenticado con privilegios no administrativos puede ser capaz de insertar datos no confiables antes de exportar una hoja CSV mediante Log Insight que podr\u00eda ser ejecutada en el entorno del usuario"
}
],
"id": "CVE-2021-22035",
"lastModified": "2024-11-21T05:49:28.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-13T16:15:07.690",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2024-11-21 02:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | 2.0 | |
| vmware | vrealize_log_insight | 2.0.5 | |
| vmware | vrealize_log_insight | 2.5 | |
| vmware | vrealize_log_insight | 2.5.1 | |
| vmware | vrealize_log_insight | 3.0 | |
| vmware | vrealize_log_insight | 3.0.1 | |
| vmware | vrealize_log_insight | 3.3 | |
| vmware | vrealize_log_insight | 3.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA721D3-A31B-4B0C-A9B3-0729E5A486E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3981C264-6EBB-496E-BE5A-1670FABAFAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B01D4-7ED4-4A20-958D-BC5AB8CD5604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40565FA2-BEA0-4DE8-85D0-42AD3415E2AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35562FBD-9183-45E8-8E3F-3E24CCFDD759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45670401-3130-4504-BE48-19AEFAB0854E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7C79B-09A9-42F3-AD1A-0BACE2FB5D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCEFB9D5-418C-4012-9961-E1FA94CDDAB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.3.2 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-2081",
"lastModified": "2024-11-21T02:47:46.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T01:59:06.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036078"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2024-11-21 07:05
Severity ?
Summary
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661",
"versionEndIncluding": "4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D",
"versionEndExcluding": "8.10.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight contiene una vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n. Un actor malintencionado puede recopilar de forma remota informaci\u00f3n sensible de la sesi\u00f3n y la aplicaci\u00f3n sin autenticaci\u00f3n.\n"
}
],
"id": "CVE-2022-31711",
"lastModified": "2024-11-21T07:05:11.333",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-26T21:15:38.270",
"references": [
{
"source": "security@vmware.com",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 01:59
Modified
2024-11-21 02:54
Severity ?
Summary
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | 2.0 | |
| vmware | vrealize_log_insight | 2.0.5 | |
| vmware | vrealize_log_insight | 2.5 | |
| vmware | vrealize_log_insight | 3.0 | |
| vmware | vrealize_log_insight | 3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA721D3-A31B-4B0C-A9B3-0729E5A486E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3981C264-6EBB-496E-BE5A-1670FABAFAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B01D4-7ED4-4A20-958D-BC5AB8CD5604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35562FBD-9183-45E8-8E3F-3E24CCFDD759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7C79B-09A9-42F3-AD1A-0BACE2FB5D17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.6.0 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-5332",
"lastModified": "2024-11-21T02:54:07.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T01:59:16.357",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92448"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036619"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0011.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 19:15
Modified
2024-11-21 05:49
Severity ?
Summary
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0019.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0019.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "722CF000-C0A1-4704-BDC6-3446D1530F3B",
"versionEndExcluding": "4.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F651BAC0-AA2B-4448-95AB-B37815BC2F1A",
"versionEndIncluding": "4.8",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6583A319-9261-4891-92AE-A0F429FF0A0D",
"versionEndExcluding": "8.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight (versiones 8.x anteriores a 8.4) contiene una vulnerabilidad de tipo Cross Site Scripting (XSS) debido a una comprobaci\u00f3n inapropiada de la entrada del usuario. Un atacante con privilegios de usuario puede ser capaz de inyectar una carga \u00fatil maliciosa por medio de la interfaz de usuario de Log Insight que se ejecutar\u00eda cuando la v\u00edctima acceda al enlace del panel compartido."
}
],
"id": "CVE-2021-22021",
"lastModified": "2024-11-21T05:49:27.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T19:15:08.457",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 18:15
Modified
2024-11-21 05:32
Severity ?
Summary
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B2D584-D67D-42EE-86D3-F6C9386F5899",
"versionEndExcluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de Redireccionamiento Abierto en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobaci\u00f3n de entrada inapropiada."
}
],
"id": "CVE-2020-3954",
"lastModified": "2024-11-21T05:32:01.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T18:15:15.583",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-26 21:15
Modified
2024-11-21 07:05
Severity ?
Summary
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2023-0001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2023-0001.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661",
"versionEndIncluding": "4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D",
"versionEndExcluding": "8.10.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service."
},
{
"lang": "es",
"value": "vRealize Log Insight contiene una vulnerabilidad de deserializaci\u00f3n. Un actor malicioso no autenticado puede desencadenar de forma remota la deserializaci\u00f3n de datos que no son de confianza, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2022-31710",
"lastModified": "2024-11-21T07:05:11.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-26T21:15:38.037",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2024-11-21 02:47
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | 2.0 | |
| vmware | vrealize_log_insight | 2.0.5 | |
| vmware | vrealize_log_insight | 2.5 | |
| vmware | vrealize_log_insight | 2.5.1 | |
| vmware | vrealize_log_insight | 3.0 | |
| vmware | vrealize_log_insight | 3.0.1 | |
| vmware | vrealize_log_insight | 3.3 | |
| vmware | vrealize_log_insight | 3.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA721D3-A31B-4B0C-A9B3-0729E5A486E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3981C264-6EBB-496E-BE5A-1670FABAFAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B59B01D4-7ED4-4A20-958D-BC5AB8CD5604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40565FA2-BEA0-4DE8-85D0-42AD3415E2AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35562FBD-9183-45E8-8E3F-3E24CCFDD759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45670401-3130-4504-BE48-19AEFAB0854E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F7C79B-09A9-42F3-AD1A-0BACE2FB5D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCEFB9D5-418C-4012-9961-E1FA94CDDAB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en VMware vRealize Log Insight 2.x y 3.x en versiones 3.3.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2016-2082",
"lastModified": "2024-11-21T02:47:46.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T01:59:08.593",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036078"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0008.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-13 22:29
Modified
2024-11-21 04:11
Severity ?
Summary
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/105925 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2018-0028.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105925 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0028.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "599C444E-8260-4F76-B5C0-E120C7522E7A",
"versionEndExcluding": "4.6.2",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6D7395-BA48-433E-9F15-10AE63A85710",
"versionEndExcluding": "4.7.1",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight (versiones 4.7.x anteriores a la 4.7.1 y versiones 4.6.x anteriores a la 4.6.2) contiene una vulnerabilidad debido a la autorizaci\u00f3n incorrecta en el m\u00e9todo de registro de usuarios. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que los usuarios administradores con el permiso \"view only\" realicen ciertas funciones administrativas que no se les permite realizar."
}
],
"id": "CVE-2018-6980",
"lastModified": "2024-11-21T04:11:31.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-13T22:29:00.237",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105925"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}