3. VMware vRealize Log Insight updates address multiple Cross Site Scripting (XSS) vulnerabilities (CVE-2022-31654, CVE-2022-31655)
VMware vRealize Log Insight contains multiple stored cross-site scripting (XSS) vulnerabilities. VMware has evaluated the severity of these issues to be in the Low severity range with a maximum CVSSv3 base score of 3.9.
CPE | Name | Operator | Version |
---|---|---|---|
vmware vrealize log insight | lt | 8.8.2 |
customerconnect.vmware.com/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_log_insight/8_8
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31655
docs.vmware.com/en/vRealize-Log-Insight/8.8.2/rn/vrealize-log-insight-882-release-notes/index.html
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L