15 matches found
CVE-2022-31704
CVE-2022-31704 affects VMware vRealize Log Insight. A broken access control vulnerability allows an unauthenticated attacker to remotely inject code into sensitive files on the impacted appliance, enabling remote code execution. Affected product: VMware vRealize Log Insight (now part of VMware Ar...
CVE-2022-31706
VMware vRealize Log Insight (now VMware Aria Operations for Logs) contains CVE-2022-31706: a directory traversal flaw that allows an unauthenticated attacker to inject files into the appliance OS, leading to remote code execution. Affected release series are 8.x prior to 8.10.2, with the vendor a...
CVE-2022-31710
CVE-2022-31710 affects VMware vRealize Log Insight and is caused by a deserialization vulnerability that an unauthenticated attacker can trigger remotely to cause a DoS. The vulnerability is part of a set of flaws in vRealize Log Insight (8.x) that VMware addressed in version 8.10.2 under VMSA-20...
CVE-2022-31711
CVE-2022-31711 affects VMware vRealize Log Insight. The provided sources consistently describe an Information Disclosure vulnerability that allows an unauthenticated, remote actor to collect sensitive session and application information. The issue is categorized with CVSS v3.1 metrics (AV:N/AC:L/...
CVE-2022-31654
CVE-2022-31654 affects VMware vRealize Log Insight prior to 8.8.2. The issue is a stored cross-site scripting (XSS) vulnerability caused by improper input sanitization in configurations, enabling malicious input to be stored and potentially executed in the context of an admin-facing interface. Th...
CVE-2022-31703
The CVE-2022-31703 entry concerns a Directory Traversal Vulnerability in VMware products that, per the documents, allows an unauthenticated attacker to inject files into the operating system of VMware vRealize Log Insight (and related vRNI REST API endpoints), potentially leading to remote code e...
CVE-2022-31655
CVE-2022-31655 affects VMware vRealize Log Insight before 8.8.2. The issue is a stored cross-site scripting vulnerability caused by improper input sanitization in alerts, as documented by Red Hat, NVD, and VMware advisories. The vulnerability arises in the alert configuration/input path and can b...
CVE-2021-22021
VMware vRealize Log Insight (8.x prior to 8.4) has an XSS vulnerability caused by improper user input validation. An attacker with user privileges can inject a malicious payload via the Log Insight UI, which executes when a victim accesses a shared dashboard link. Public sources and advisories co...
CVE-2021-22035
CVE-2021-22035 affects VMware vRealize Log Insight (8.x, prior to 8.6). A CSV injection vulnerability exists in the interactive analytics export function, allowing an authenticated user with non-administrative privileges to embed untrusted data in a CSV export, potentially executing in the user’s...
CVE-2016-2081
The CVE-2016-2081 issue affects VMware vRealize Log Insight 2.x and 3.x prior to 3.3.2, with a cross-site scripting (XSS) vulnerability caused by improper validation of user-supplied input. An unauthenticated, remote attacker could inject arbitrary script or HTML via unspecified vectors, potentia...
CVE-2016-5332
VMware vRealize Log Insight 2.x and 3.x prior to 3.6.0 are affected by a directory traversal vulnerability that may allow an unauthenticated remote attacker to disclose arbitrary files via directory traversal. Root cause cited in VMware advisories is improper input handling leading to partial inf...
CVE-2018-6980
CVE-2018-6980 affects VMware vRealize Log Insight, specifically versions 4.7.x before 4.7.1 and 4.6.x before 4.6.2. The issue is an improper authorization in the user registration flow, which may allow Admin users with view-only permission to perform certain administrative actions they should not...
CVE-2020-3953
CVE-2020-3953 (and CVE-2020-3954) affect VMware vRealize Log Insight prior to 8.1.0 (and 4.x) due to improper input validation. Root cause: input validation failure enabling Cross Site Scripting (XSS) in the UI. Impact described as stored XSS potentially allowing payloads to execute in other user...
CVE-2016-2082
CVE-2016-2082 affects VMware vRealize Log Insight 2.x and 3.x prior to 3.3.2. The issue is a cross-site request forgery (CSRF/XSRF) vulnerability that can hijack an authenticated user’s session. The root cause is insufficient CSRF protection for certain actions. A remediation present in the conne...
CVE-2020-3954
CVE-2020-3954 is an Open Redirect vulnerability in VMware vRealize Log Insight caused by improper input validation. The VMware VMSA-2020-0007 advisory and accompanying tables indicate impact on vRealize Log Insight 8.x (and 4.x) with Open Redirect exploitable via crafted URLs, enabling phishing-s...