Lucene search
K

173 matches found

The Hacker News
The Hacker News
added 2021/08/26 7:40 a.m.107 views

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6 affect VMware...

7.5CVSS6.6AI score0.0116EPSS
Exploits1
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.5 views

VMware vRealize Log Insight 跨站脚本漏洞

Vmware VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A cross-site scripting vulnerability exists in VMware vRealize Log Insight that stems from insufficient cleansing of user-supplied data...

5.4CVSS6.2AI score0.00468EPSS
Exploits0References4
VMware
VMware
added 2021/08/22 12:0 a.m.38 views

VMSA-2021-0019:VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability

Advisory ID: VMSA-2021-0019 CVSSv3 Range: 6.5 Issue Date:2021-08-24 Updated On: 2021-08-24 Initial Advisory CVEs: CVE-2021-22021 Synopsis: VMware vRealize Log Insight updates address Cross Site Scripting XSS vulnerability CVE-2021-22021 RSS Feed Download PDF Download Text File Share this page on...

5.4CVSS5.6AI score0.00468EPSS
Exploits0References19Affected Software2
HPE Security Bulletins
HPE Security Bulletins
added 2021/05/27 12:0 a.m.3 views

HPESBGN04151 rev.1 - HPE OneView for VMware vCenter, Remote Cross-Site Scripting

Potential Security Impact: Remote: Cross-Site Scripting XSS SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE OneView for VMware vCenter with Operations Manager and Log Insight - Prior to 10.2 CVSS Scores: | CVE | CVSS Vector | Base Score | | --- | --- | --- | | CVE-2021-26584 |...

6.1CVSS6.4AI score0.0067EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.10 views

The vulnerability of the vRealize Log Insight log management tool lies in the lack of security measures for the website structure, allowing attackers to perform cross-site scripting attacks.

The vulnerability of the log management tool vRealize Log Insight is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack remotely...

4.9CVSS5.5AI score0.00653EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.4 views

The vulnerability of the vRealize Log Insight log management tool lies in insufficient validation of input data, allowing a hacker to redirect users to a malicious website.

The vulnerability of the vRealize Log Insight log management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to redirect users to a malicious website...

6.1CVSS6.3AI score0.00774EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/04/23 12:0 a.m.29 views

VMware vRealize Log Insight 4.x < 8.1.0 XSS Vulnerability (VMSA-2020-0007)

The VMware vRealize Log Insight application running on the remote host is 4.0.0 or later but prior to 8.1.0. It is, therefore, affected by a XSS vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid135923; scriptversion"1.3";...

6.1CVSS5.7AI score0.00774EPSS
Exploits0References3
CNVD
CNVD
added 2020/04/16 12:0 a.m.2 views

VMware vRealize Log Insight Input Validation Error Vulnerability

VMware vRealize Log Insight provides real-time log management capabilities for VMware environments. An input validation error vulnerability exists in VMware vRealize Log Insight, which stems from the program's inability to properly validate user input. An attacker could exploit the vulnerability...

6.1CVSS6.8AI score0.00774EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/16 12:0 a.m.2 views

VMware vRealize Log Insight Cross-Site Scripting Vulnerability (CNVD-2020-27463)

VMware vRealize Log Insight provides real-time log management capabilities for VMware environments. A cross-site scripting vulnerability exists in VMware vRealize Log Insight that originates from the program's inability to properly validate user input. An attacker could exploit the vulnerability ...

4.8CVSS6.3AI score0.00653EPSS
Exploits0References1
NVD
NVD
added 2020/04/15 6:15 p.m.26 views

CVE-2020-3954

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

6.1CVSS6.2AI score0.00774EPSS
Exploits0References1
OSV
OSV
added 2020/04/15 6:15 p.m.5 views

CVE-2020-3953

Cross Site Scripting XSS vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

4.8CVSS6.1AI score0.00653EPSS
Exploits0References1
OSV
OSV
added 2020/04/15 6:15 p.m.4 views

CVE-2020-3954

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

6.1CVSS5.8AI score0.00774EPSS
Exploits0References1
Prion
Prion
added 2020/04/15 6:15 p.m.22 views

Open redirect

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

5.8CVSS6.1AI score0.00774EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/15 5:20 p.m.33 views

CVE-2020-3953

Cross Site Scripting XSS vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

5.1AI score0.00653EPSS
Exploits0References1
CVE
CVE
added 2020/04/15 5:20 p.m.54 views

CVE-2020-3953

CVE-2020-3953 (and CVE-2020-3954) affect VMware vRealize Log Insight prior to 8.1.0 (and 4.x) due to improper input validation. Root cause: input validation failure enabling Cross Site Scripting (XSS) in the UI. Impact described as stored XSS potentially allowing payloads to execute in other user...

4.8CVSS5.1AI score0.00653EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/15 5:17 p.m.26 views

CVE-2020-3954

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

6.2AI score0.00774EPSS
Exploits0References1
CVE
CVE
added 2020/04/15 5:17 p.m.46 views

CVE-2020-3954

CVE-2020-3954 is an Open Redirect vulnerability in VMware vRealize Log Insight caused by improper input validation. The VMware VMSA-2020-0007 advisory and accompanying tables indicate impact on vRealize Log Insight 8.x (and 4.x) with Open Redirect exploitable via crafted URLs, enabling phishing-s...

6.1CVSS6.1AI score0.00774EPSS
Exploits0References1Affected Software1
CISA
CISA
added 2020/04/14 12:0 a.m.11 views

VMware Releases Security Updates for vRealize Log Insight

VMware has released security updates to address vulnerabilities in VMware vRealize Log Insight. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware...

7AI score
Exploits0References1
VMware
VMware
added 2020/04/14 12:0 a.m.39 views

VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)

3a. Cross Site Scripting XSS vulnerabilities in vRealize Log Insight due to improper Input validation CVE-2020-3953 vRealize Log Insight does not properly validate user input, resulting in XSS vulnerabilities. VMware has evaluated the severity of this issue to be in the Important severity range...

5.8CVSS5.5AI score0.00774EPSS
Exploits0References6Affected Software1
VMware
VMware
added 2020/04/08 12:0 a.m.13 views

VMSA-2020-0007:VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities

Advisory ID: VMSA-2020-0007.2 CVSSv3 Range: 6.1 - 8.4 Issue Date:2020-04-14 Updated On: 2020-06-24 CVEs: CVE-2020-3953, CVE-2020-3954 Synopsis: VMware vRealize Log Insight addresses Cross Site Scripting XSS and Open Redirect vulnerabilities CVE-2020-3953, CVE-2020-3954 RSS Feed Download PDF...

6.1CVSS5.8AI score0.00774EPSS
Exploits0References20Affected Software1
Rows per page
Query Builder