CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31703 – VMware vRealize Network Insight downloadFile Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31703
14 Dec 2022 — The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de directory traversal. Un actor malicioso no autenticado puede inyectar archivos en el Sistema Operativo de un dispositivo afectado, lo que puede resultar en la ejecución remota de código. This vulnerability allows remote attackers to disclose ... • https://www.vmware.com/security/advisories/VMSA-2023-0001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31655
https://notcve.org/view.php?id=CVE-2022-31655
12 Jul 2022 — VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. VMware vRealize Log Insight en versiones anteriores a la 8.8.2 contienen una vulnerabilidad de tipo cross-site scripting almacenado debido a una saneo de entrada inapropiado en las alertas • https://www.vmware.com/security/advisories/VMSA-2022-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31654
https://notcve.org/view.php?id=CVE-2022-31654
12 Jul 2022 — VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. VMware vRealize Log Insight en versiones anteriores a 8.8.2, contienen una vulnerabilidad de tipo cross-site scriptings almacenado debido a un saneo de entrada inapropiado en las configuraciones • https://www.vmware.com/security/advisories/VMSA-2022-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3953
https://notcve.org/view.php?id=CVE-2020-3953
15 Apr 2020 — Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. • https://www.vmware.com/security/advisories/VMSA-2020-0007.html • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3954
https://notcve.org/view.php?id=CVE-2020-3954
15 Apr 2020 — Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Hay una vulnerabilidad de Redireccionamiento Abierto en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. • https://www.vmware.com/security/advisories/VMSA-2020-0007.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5332 – VMware Security Advisory 2016-0011
https://notcve.org/view.php?id=CVE-2016-5332
12 Aug 2016 — Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.6.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. vRealize Log Insight contains a vulnerability that may allow for a directory traversal attack. Exploitation of this issue may lead to a partial i... • http://www.securityfocus.com/bid/92448 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2082
https://notcve.org/view.php?id=CVE-2016-2082
03 Jul 2016 — Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en VMware vRealize Log Insight 2.x y 3.x en versiones 3.3.2 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. • http://www.securitytracker.com/id/1036078 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2016-2081
https://notcve.org/view.php?id=CVE-2016-2081
03 Jul 2016 — Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.3.2 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a través de vectores no especificados. • http://www.securitytracker.com/id/1036078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •