Search criteria
45 vulnerabilities found for vrealize_log_insight by vmware
FKIE_CVE-2022-31710
Vulnerability from fkie_nvd - Published: 2023-01-26 21:15 - Updated: 2025-04-01 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2023-0001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2023-0001.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661",
"versionEndIncluding": "4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D",
"versionEndExcluding": "8.10.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service."
},
{
"lang": "es",
"value": "vRealize Log Insight contiene una vulnerabilidad de deserializaci\u00f3n. Un actor malicioso no autenticado puede desencadenar de forma remota la deserializaci\u00f3n de datos que no son de confianza, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2022-31710",
"lastModified": "2025-04-01T16:15:16.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-26T21:15:38.037",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31711
Vulnerability from fkie_nvd - Published: 2023-01-26 21:15 - Updated: 2025-04-01 16:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661",
"versionEndIncluding": "4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D",
"versionEndExcluding": "8.10.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight contiene una vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n. Un actor malintencionado puede recopilar de forma remota informaci\u00f3n sensible de la sesi\u00f3n y la aplicaci\u00f3n sin autenticaci\u00f3n.\n"
}
],
"id": "CVE-2022-31711",
"lastModified": "2025-04-01T16:15:16.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-26T21:15:38.270",
"references": [
{
"source": "security@vmware.com",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31704
Vulnerability from fkie_nvd - Published: 2023-01-26 21:15 - Updated: 2025-04-02 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661",
"versionEndIncluding": "4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D",
"versionEndExcluding": "8.10.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution."
},
{
"lang": "es",
"value": "vRealize Log Insight contiene una vulnerabilidad de control de acceso roto. Un actor malintencionado no autenticado puede inyectar c\u00f3digo de forma remota en archivos confidenciales de un dispositivo afectado, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo.\n"
}
],
"id": "CVE-2022-31704",
"lastModified": "2025-04-02T14:15:36.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-26T21:15:37.320",
"references": [
{
"source": "security@vmware.com",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://packetstorm.news/files/id/174606"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31706
Vulnerability from fkie_nvd - Published: 2023-01-26 21:15 - Updated: 2025-04-02 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E848BE-FFD0-40D3-AA72-17E47F616661",
"versionEndIncluding": "4.8",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476F80CF-8F34-402E-9175-E506B844724D",
"versionEndExcluding": "8.10.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
},
{
"lang": "es",
"value": "vRealize Log Insight contiene una vulnerabilidad de Directory Traversal. Un actor malintencionado no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo.\n"
}
],
"id": "CVE-2022-31706",
"lastModified": "2025-04-02T14:15:36.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-26T21:15:37.610",
"references": [
{
"source": "security@vmware.com",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://packetstorm.news/files/id/174606"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31703
Vulnerability from fkie_nvd - Published: 2022-12-14 19:15 - Updated: 2025-04-22 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "729C09FE-9824-4C13-990B-E51800B6329B",
"versionEndIncluding": "8.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
},
{
"lang": "es",
"value": "vRealize Log Insight contiene una vulnerabilidad de directory traversal. Un actor malicioso no autenticado puede inyectar archivos en el Sistema Operativo de un dispositivo afectado, lo que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2022-31703",
"lastModified": "2025-04-22T16:15:30.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-14T19:15:13.123",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Not Applicable"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31655
Vulnerability from fkie_nvd - Published: 2022-07-12 21:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "735632D7-30EB-43F2-94D8-B733109DF763",
"versionEndExcluding": "8.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight en versiones anteriores a la 8.8.2 contienen una vulnerabilidad de tipo cross-site scripting almacenado debido a una saneo de entrada inapropiado en las alertas"
}
],
"id": "CVE-2022-31655",
"lastModified": "2024-11-21T07:05:03.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T21:15:10.307",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31654
Vulnerability from fkie_nvd - Published: 2022-07-12 21:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0019.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "735632D7-30EB-43F2-94D8-B733109DF763",
"versionEndExcluding": "8.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight en versiones anteriores a 8.8.2, contienen una vulnerabilidad de tipo cross-site scriptings almacenado debido a un saneo de entrada inapropiado en las configuraciones"
}
],
"id": "CVE-2022-31654",
"lastModified": "2024-11-21T07:05:03.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T21:15:10.257",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22035
Vulnerability from fkie_nvd - Published: 2021-10-13 16:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0022.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0022.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_suite_lifecycle_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67763E17-BABE-4A25-95BC-2B5F1666705C",
"versionEndIncluding": "4.3.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BECE8925-3981-4FB9-979E-CDFC1A55A13F",
"versionEndExcluding": "8.60",
"versionStartExcluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61B2C07D-4AD4-458B-86CA-FB2CA45A8EA7",
"versionEndIncluding": "8.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight (versiones 8.x anteriores a 8.6) contienen una vulnerabilidad de inyecci\u00f3n de CSV (Valores Separados por Comas) en la funci\u00f3n interactive analytics export. Un actor malicioso autenticado con privilegios no administrativos puede ser capaz de insertar datos no confiables antes de exportar una hoja CSV mediante Log Insight que podr\u00eda ser ejecutada en el entorno del usuario"
}
],
"id": "CVE-2021-22035",
"lastModified": "2024-11-21T05:49:28.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-13T16:15:07.690",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22021
Vulnerability from fkie_nvd - Published: 2021-08-30 19:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0019.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0019.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "722CF000-C0A1-4704-BDC6-3446D1530F3B",
"versionEndExcluding": "4.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F651BAC0-AA2B-4448-95AB-B37815BC2F1A",
"versionEndIncluding": "4.8",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6583A319-9261-4891-92AE-A0F429FF0A0D",
"versionEndExcluding": "8.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight (versiones 8.x anteriores a 8.4) contiene una vulnerabilidad de tipo Cross Site Scripting (XSS) debido a una comprobaci\u00f3n inapropiada de la entrada del usuario. Un atacante con privilegios de usuario puede ser capaz de inyectar una carga \u00fatil maliciosa por medio de la interfaz de usuario de Log Insight que se ejecutar\u00eda cuando la v\u00edctima acceda al enlace del panel compartido."
}
],
"id": "CVE-2021-22021",
"lastModified": "2024-11-21T05:49:27.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T19:15:08.457",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-3954
Vulnerability from fkie_nvd - Published: 2020-04-15 18:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B2D584-D67D-42EE-86D3-F6C9386F5899",
"versionEndExcluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de Redireccionamiento Abierto en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobaci\u00f3n de entrada inapropiada."
}
],
"id": "CVE-2020-3954",
"lastModified": "2024-11-21T05:32:01.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T18:15:15.583",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-3953
Vulnerability from fkie_nvd - Published: 2020-04-15 18:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vrealize_log_insight | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B2D584-D67D-42EE-86D3-F6C9386F5899",
"versionEndExcluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobaci\u00f3n de entrada inapropiada."
}
],
"id": "CVE-2020-3953",
"lastModified": "2024-11-21T05:32:01.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T18:15:15.520",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-31704 (GCVE-0-2022-31704)
Vulnerability from cvelistv5 – Published: 2023-01-25 00:00 – Updated: 2025-04-02 13:26
VLAI?
Summary
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
Severity ?
9.8 (Critical)
CWE
- VMware vRealize Log Insight broken access control Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T13:26:55.313338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T13:26:58.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/174606"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight broken access control Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:41.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31704",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-02T13:26:58.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31710 (GCVE-0-2022-31710)
Vulnerability from cvelistv5 – Published: 2023-01-25 00:00 – Updated: 2025-04-01 15:28
VLAI?
Summary
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
Severity ?
7.5 (High)
CWE
- VMware vRealize Log Insight Deserialization Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T15:28:03.261517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T15:28:35.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Deserialization Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31710",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-01T15:28:35.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31706 (GCVE-0-2022-31706)
Vulnerability from cvelistv5 – Published: 2023-01-25 00:00 – Updated: 2025-04-02 13:25
VLAI?
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Severity ?
9.8 (Critical)
CWE
- VMware vRealize Log Insight Directory Traversal Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31706",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T13:25:20.491171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T13:25:27.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/174606"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Directory Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:38.043Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31706",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-02T13:25:27.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31711 (GCVE-0-2022-31711)
Vulnerability from cvelistv5 – Published: 2023-01-25 00:00 – Updated: 2025-04-01 15:27
VLAI?
Summary
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
Severity ?
5.3 (Medium)
CWE
- VMware vRealize Log Insight Information Disclosure Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T15:27:00.516102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T15:27:39.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Information Disclosure Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:39.555Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31711",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-01T15:27:39.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31703 (GCVE-0-2022-31703)
Vulnerability from cvelistv5 – Published: 2022-12-14 00:00 – Updated: 2025-04-22 16:02
VLAI?
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Severity ?
7.5 (High)
CWE
- VMware vRealize Log Insight Directory Traversal Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:01:15.840463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:02:51.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Directory Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31703",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T16:02:51.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31655 (GCVE-0-2022-31655)
Vulnerability from cvelistv5 – Published: 2022-07-12 20:44 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
Severity ?
No CVSS data available.
CWE
- Stored cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight prior to 8.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:44:46",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31655",
"datePublished": "2022-07-12T20:44:46",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31654 (GCVE-0-2022-31654)
Vulnerability from cvelistv5 – Published: 2022-07-12 20:43 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
Severity ?
No CVSS data available.
CWE
- Stored cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight prior to 8.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:43:09",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31654",
"datePublished": "2022-07-12T20:43:09",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22035 (GCVE-0-2021-22035)
Vulnerability from cvelistv5 – Published: 2021-10-13 15:50 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
Severity ?
No CVSS data available.
CWE
- CSV injection vulnerability in Log Insight
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight (8.x prior to 8.6)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV injection vulnerability in Log Insight",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T15:50:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV injection vulnerability in Log Insight"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22035",
"datePublished": "2021-10-13T15:50:54",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22021 (GCVE-0-2021-22021)
Vulnerability from cvelistv5 – Published: 2021-08-30 18:06 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting (XSS) vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight (8.x prior to 8.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight (8.x prior to 8.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS) vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T18:06:13",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight (8.x prior to 8.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22021",
"datePublished": "2021-08-30T18:06:13",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3953 (GCVE-0-2020-3953)
Vulnerability from cvelistv5 – Published: 2020-04-15 17:20 – Updated: 2024-08-04 07:52
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
Severity ?
No CVSS data available.
CWE
- Stored XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight prior to 8.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T17:20:09",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3953",
"datePublished": "2020-04-15T17:20:09",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31704 (GCVE-0-2022-31704)
Vulnerability from nvd – Published: 2023-01-25 00:00 – Updated: 2025-04-02 13:26
VLAI?
Summary
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
Severity ?
9.8 (Critical)
CWE
- VMware vRealize Log Insight broken access control Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T13:26:55.313338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T13:26:58.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/174606"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight broken access control Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:41.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31704",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-02T13:26:58.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31710 (GCVE-0-2022-31710)
Vulnerability from nvd – Published: 2023-01-25 00:00 – Updated: 2025-04-01 15:28
VLAI?
Summary
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
Severity ?
7.5 (High)
CWE
- VMware vRealize Log Insight Deserialization Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T15:28:03.261517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T15:28:35.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Deserialization Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31710",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-01T15:28:35.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31706 (GCVE-0-2022-31706)
Vulnerability from nvd – Published: 2023-01-25 00:00 – Updated: 2025-04-02 13:25
VLAI?
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Severity ?
9.8 (Critical)
CWE
- VMware vRealize Log Insight Directory Traversal Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31706",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T13:25:20.491171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T13:25:27.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/174606"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Directory Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:38.043Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31706",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-02T13:25:27.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31711 (GCVE-0-2022-31711)
Vulnerability from nvd – Published: 2023-01-25 00:00 – Updated: 2025-04-01 15:27
VLAI?
Summary
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
Severity ?
5.3 (Medium)
CWE
- VMware vRealize Log Insight Information Disclosure Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T15:27:00.516102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T15:27:39.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Information Disclosure Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:06:39.555Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
},
{
"url": "http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31711",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-01T15:27:39.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31703 (GCVE-0-2022-31703)
Vulnerability from nvd – Published: 2022-12-14 00:00 – Updated: 2025-04-22 16:02
VLAI?
Summary
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Severity ?
7.5 (High)
CWE
- VMware vRealize Log Insight Directory Traversal Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | vRealize Log Insight (vRLI) |
Affected:
vRealize Log Insight 8.10.1 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:01:15.840463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:02:51.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vRealize Log Insight (vRLI)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vRealize Log Insight 8.10.1 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware vRealize Log Insight Directory Traversal Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31703",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T16:02:51.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31655 (GCVE-0-2022-31655)
Vulnerability from nvd – Published: 2022-07-12 20:44 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
Severity ?
No CVSS data available.
CWE
- Stored cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight prior to 8.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:44:46",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31655",
"datePublished": "2022-07-12T20:44:46",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31654 (GCVE-0-2022-31654)
Vulnerability from nvd – Published: 2022-07-12 20:43 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
Severity ?
No CVSS data available.
CWE
- Stored cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight prior to 8.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:43:09",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight prior to 8.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31654",
"datePublished": "2022-07-12T20:43:09",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22035 (GCVE-0-2021-22035)
Vulnerability from nvd – Published: 2021-10-13 15:50 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
Severity ?
No CVSS data available.
CWE
- CSV injection vulnerability in Log Insight
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight (8.x prior to 8.6)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV injection vulnerability in Log Insight",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T15:50:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV injection vulnerability in Log Insight"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22035",
"datePublished": "2021-10-13T15:50:54",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22021 (GCVE-0-2021-22021)
Vulnerability from nvd – Published: 2021-08-30 18:06 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting (XSS) vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight (8.x prior to 8.4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight (8.x prior to 8.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS) vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T18:06:13",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight (8.x prior to 8.4)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0019.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22021",
"datePublished": "2021-08-30T18:06:13",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}