CVE-2022-31703

2022-12-1419:15:13

CWE-22

[email protected]

web.nvd.nist.gov

vrealize log insight

cve-2022-31703

directory traversal

remote code execution

security vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Affected configurations

NVD

Node

vmwarevrealize_log_insightRange≤8.10.1

CPENameOperatorVersion
vmware:vrealize_log_insightvmware vrealize log insightle8.10.1

CPE	Name	Operator	Version
vmware:vrealize_log_insight	vmware vrealize log insight	le	8.10.1

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "vRealize Log Insight (vRLI)",
    "versions": [
      {
        "version": "vRealize Log Insight 8.10.1 and prior",
        "status": "affected"
      }
    ]
  }
]