Lucene search
K
VmwareVrealize Log Insight

15 matches found

CVE
CVE
added 2023/01/25 12:0 a.m.192 views

CVE-2022-31704

CVE-2022-31704 affects VMware vRealize Log Insight. A broken access control vulnerability allows an unauthenticated attacker to remotely inject code into sensitive files on the impacted appliance, enabling remote code execution. Affected product: VMware vRealize Log Insight (now part of VMware Ar...

9.8CVSS9.8AI score0.81011EPSS
CVE
CVE
added 2023/01/25 12:0 a.m.141 views

CVE-2022-31706

VMware vRealize Log Insight (now VMware Aria Operations for Logs) contains CVE-2022-31706: a directory traversal flaw that allows an unauthenticated attacker to inject files into the appliance OS, leading to remote code execution. Affected release series are 8.x prior to 8.10.2, with the vendor a...

9.8CVSS9.7AI score0.87077EPSS
CVE
CVE
added 2023/01/25 12:0 a.m.130 views

CVE-2022-31710

CVE-2022-31710 affects VMware vRealize Log Insight and is caused by a deserialization vulnerability that an unauthenticated attacker can trigger remotely to cause a DoS. The vulnerability is part of a set of flaws in vRealize Log Insight (8.x) that VMware addressed in version 8.10.2 under VMSA-20...

7.5CVSS7.6AI score0.0147EPSS
CVE
CVE
added 2023/01/25 12:0 a.m.97 views

CVE-2022-31711

CVE-2022-31711 affects VMware vRealize Log Insight. The provided sources consistently describe an Information Disclosure vulnerability that allows an unauthenticated, remote actor to collect sensitive session and application information. The issue is categorized with CVSS v3.1 metrics (AV:N/AC:L/...

5.3CVSS6.8AI score0.21657EPSS
CVE
CVE
added 2022/07/12 8:43 p.m.93 views

CVE-2022-31654

CVE-2022-31654 affects VMware vRealize Log Insight prior to 8.8.2. The issue is a stored cross-site scripting (XSS) vulnerability caused by improper input sanitization in configurations, enabling malicious input to be stored and potentially executed in the context of an admin-facing interface. Th...

5.4CVSS5.1AI score0.00376EPSS
CVE
CVE
added 2022/12/14 12:0 a.m.92 views

CVE-2022-31703

The CVE-2022-31703 entry concerns a Directory Traversal Vulnerability in VMware products that, per the documents, allows an unauthenticated attacker to inject files into the operating system of VMware vRealize Log Insight (and related vRNI REST API endpoints), potentially leading to remote code e...

7.5CVSS8AI score0.01792EPSS
CVE
CVE
added 2022/07/12 8:44 p.m.73 views

CVE-2022-31655

CVE-2022-31655 affects VMware vRealize Log Insight before 8.8.2. The issue is a stored cross-site scripting vulnerability caused by improper input sanitization in alerts, as documented by Red Hat, NVD, and VMware advisories. The vulnerability arises in the alert configuration/input path and can b...

5.4CVSS5.1AI score0.00376EPSS
CVE
CVE
added 2021/08/30 6:6 p.m.71 views

CVE-2021-22021

VMware vRealize Log Insight (8.x prior to 8.4) has an XSS vulnerability caused by improper user input validation. An attacker with user privileges can inject a malicious payload via the Log Insight UI, which executes when a victim accesses a shared dashboard link. Public sources and advisories co...

5.4CVSS5.3AI score0.00468EPSS
CVE
CVE
added 2021/10/13 3:50 p.m.65 views

CVE-2021-22035

CVE-2021-22035 affects VMware vRealize Log Insight (8.x, prior to 8.6). A CSV injection vulnerability exists in the interactive analytics export function, allowing an authenticated user with non-administrative privileges to embed untrusted data in a CSV export, potentially executing in the user’s...

4.3CVSS4.5AI score0.00553EPSS
CVE
CVE
added 2016/07/03 1:0 a.m.63 views

CVE-2016-2081

The CVE-2016-2081 issue affects VMware vRealize Log Insight 2.x and 3.x prior to 3.3.2, with a cross-site scripting (XSS) vulnerability caused by improper validation of user-supplied input. An unauthenticated, remote attacker could inject arbitrary script or HTML via unspecified vectors, potentia...

6.1CVSS6.5AI score0.00765EPSS
CVE
CVE
added 2016/08/31 1:0 a.m.63 views

CVE-2016-5332

VMware vRealize Log Insight 2.x and 3.x prior to 3.6.0 are affected by a directory traversal vulnerability that may allow an unauthenticated remote attacker to disclose arbitrary files via directory traversal. Root cause cited in VMware advisories is improper input handling leading to partial inf...

5.3CVSS5.9AI score0.02957EPSS
CVE
CVE
added 2018/11/13 10:0 p.m.55 views

CVE-2018-6980

CVE-2018-6980 affects VMware vRealize Log Insight, specifically versions 4.7.x before 4.7.1 and 4.6.x before 4.6.2. The issue is an improper authorization in the user registration flow, which may allow Admin users with view-only permission to perform certain administrative actions they should not...

7.2CVSS6.8AI score0.01438EPSS
CVE
CVE
added 2020/04/15 5:20 p.m.54 views

CVE-2020-3953

CVE-2020-3953 (and CVE-2020-3954) affect VMware vRealize Log Insight prior to 8.1.0 (and 4.x) due to improper input validation. Root cause: input validation failure enabling Cross Site Scripting (XSS) in the UI. Impact described as stored XSS potentially allowing payloads to execute in other user...

4.8CVSS5.1AI score0.00653EPSS
CVE
CVE
added 2016/07/03 1:0 a.m.47 views

CVE-2016-2082

CVE-2016-2082 affects VMware vRealize Log Insight 2.x and 3.x prior to 3.3.2. The issue is a cross-site request forgery (CSRF/XSRF) vulnerability that can hijack an authenticated user’s session. The root cause is insufficient CSRF protection for certain actions. A remediation present in the conne...

8.8CVSS8.8AI score0.00632EPSS
CVE
CVE
added 2020/04/15 5:17 p.m.46 views

CVE-2020-3954

CVE-2020-3954 is an Open Redirect vulnerability in VMware vRealize Log Insight caused by improper input validation. The VMware VMSA-2020-0007 advisory and accompanying tables indicate impact on vRealize Log Insight 8.x (and 4.x) with Open Redirect exploitable via crafted URLs, enabling phishing-s...

6.1CVSS6.1AI score0.00774EPSS