Lucene search

[email protected]NVD:CVE-2022-31704

HistoryJan 26, 2023 - 9:15 p.m.

CVE-2022-31704

2023-01-2621:15:37

[email protected]

web.nvd.nist.gov

vrealize log insight

access control

vulnerability

remote code execution

cve-2022-31704

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.6%

JSON

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

Affected configurations

NVD

Node

vmwarevrealize_log_insightRange3.0–4.8

vmwarevrealize_log_insightRange8.0.0–8.10.2

References

packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html

www.vmware.com/security/advisories/VMSA-2023-0001.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for NVD:CVE-2022-31704

cvelist1 zdi1 prion1 cve1 malwarebytes1 packetstorm1 zdt1 thn2 nessus1 vmware1 rapid7blog1