VMwareVMSA-2022-0031VMware vRealize Network Insight (vRNI) updates address command injection and directory traversal security vulnerabilities (CVE-2022-31702, CVE-2022-31703)
3a. VMware vRealize Network Insight (vRNI) command injection vulnerability (CVE-2022-31702)
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.8.
3b. VMware vRealize Network Insight (vRNI) contains a directory traversal vulnerability (CVE-2022-31703)
vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 7.5.
References
customerconnect.vmware.com/downloads/info/slug/infrastructure_operations_management/vmware_vrealize_network_insight/6_x
docs.vmware.com/en/VMware-vRealize-Network-Insight/6.8/rn/vmware-vrealize-network-insight-68-release-notes/index.html
kb.vmware.com/s/article/90381
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Related
