Severity
High
Analysis Summary
CVE-2022-31711 CVSS:5.3
VMware vRealize Log Insight could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to collect sensitive session and application information without authentication.
CVE-2022-31710 CVSS:7.5
VMware vRealize Log Insight is vulnerable to a denial of service, caused by a deserialization vulnerability. A remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-31704 CVSS:9.8
VMware vRealize Log Insight could allow a remote attacker to execute arbitrary code on the system, caused by a broken access control vulnerability. By injecting files into the operating system, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-31711
- CVE-2022-31710
- CVE-2022-31704
Affected Vendors
VMware
Affected Products
- VMware Cloud Foundation 3.0
- VMware Cloud Foundation 4.0
- VMware vRealize Log Insight 8.0.0
- VMware VRealize Log Insight 8.4
- VMware VRealize Log Insight 8.3
- VMware VRealize Log Insight 8.2
- VMware VRealize Log Insight 8.1.0
- VMware VRealize Log Insight 8.1.1
- VMware vRealize Log Insight 8.6
- VMware vRealize Log Insight 8.4.1
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.