PT-2023-2973 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: The issue allows a suitably positioned attacker to perform a man-in-the-middle attack on either a connected student or teacher. This enables them to intercept student keystrokes or modify...

PT-2023-2993 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight versions 10.0.19045 Description: The issue is related to the lack of protection of the web page structure in the Teacher Console and Student Console components of the Faronics Insight platform. This allows an attacker to...

PT-2023-2967 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows a remote attacker to communicate with private API endpoints, such as "/login", "/consoleSettings", and "/console", despite Virtual Host Routing being used to...

The vulnerability of the log management tool vRealize Log Insight and the VMware Cloud Foundation virtualization platform, related to access control errors, allows a perpetrator to execute arbitrary code.

The vulnerability of the log management tool vRealize Log Insight and the virtualization platform VMware Cloud Foundation is related to access control errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVE-2022-31711

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...

CVE-2022-31710

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service...

CVE-2022-31710

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service...

CVE-2022-31711

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...

CVE-2022-31704

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution...

CVE-2022-31706

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

CVE-2022-31704

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution...

CVE-2022-31706

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

Deserialization of untrusted data

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service...

Directory traversal

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

Improper access control

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution...

Information disclosure

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...

VMware addresses Security Flaws in vRealize Log Insight

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has patched four security flaws in vRealize Log Insight aka Aria Operations for Logs that could potentially expose users to remote code execution attacks and allow an unauthenticated attack...

VMware vRealize Log Insight 8.x < 8.10.2 Mutliple Vulnerabilities (VMSA-2023-0001)

The VMware vRealize Log Insight application running on the remote host is 8.x prior to 8.10.2. It is, therefore, affected by multiple vulnerabilities, including: - An unspecified directory traversal vulnerability. CVE-2022-31706 - An unspecified broken access control vulnerability. CVE-2022-31704...

VMware vRealize Log Insight 安全漏洞

VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware vRealize Log Insight. An unauthenticated attacker could remotely inject code into sensitive files on...

VMware vRealize Log Insight 代码问题漏洞

VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware vRealize Log Insight. An unauthenticated attacker could remotely trigger deserialization of untruste...