CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31710 – VMware vRealize Log Insight addClusterCACertificate Deserialization of Untrusted Data Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-31710
25 Jan 2023 — vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. vRealize Log Insight contiene una vulnerabilidad de deserialización. Un actor malicioso no autenticado puede desencadenar de forma remota la deserialización de datos que no son de confianza, lo que podría provocar una denegación de servicio. This vulnerability allows remote attackers to create a denial-of-servi... • https://www.vmware.com/security/advisories/VMSA-2023-0001.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31706 – VMware vRealize Log Insight RemotePakDownloadCommand Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-31706
25 Jan 2023 — The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de Directory Traversal. Un actor malintencionado no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede provocar la ejecución remota de código. This vulnerability allows remote attackers to execut... • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31711 – VMware vRealize Log Insight getConfig Missing Authentication for Critical Function Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31711
25 Jan 2023 — VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. VMware vRealize Log Insight contiene una vulnerabilidad de Divulgación de Información. Un actor malintencionado puede recopilar de forma remota información sensible de la sesión y la aplicación sin autenticación. This vulnerability allows remote attackers to disclose information on affected installations of VMware vRealize ... • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31704 – VMware vRealize Log Insight setConfig Missing Authentication for Critical Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-31704
25 Jan 2023 — The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de control de acceso roto. Un actor malintencionado no autenticado puede inyectar código de forma remota en archivos confidenciales de un dispositivo afectado, lo que puede provocar la ejecución remota de código. This vulnerability allows re... • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31703 – VMware vRealize Network Insight downloadFile Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31703
14 Dec 2022 — The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de directory traversal. Un actor malicioso no autenticado puede inyectar archivos en el Sistema Operativo de un dispositivo afectado, lo que puede resultar en la ejecución remota de código. This vulnerability allows remote attackers to disclose ... • https://www.vmware.com/security/advisories/VMSA-2023-0001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31655
https://notcve.org/view.php?id=CVE-2022-31655
12 Jul 2022 — VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. VMware vRealize Log Insight en versiones anteriores a la 8.8.2 contienen una vulnerabilidad de tipo cross-site scripting almacenado debido a una saneo de entrada inapropiado en las alertas • https://www.vmware.com/security/advisories/VMSA-2022-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31654
https://notcve.org/view.php?id=CVE-2022-31654
12 Jul 2022 — VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. VMware vRealize Log Insight en versiones anteriores a 8.8.2, contienen una vulnerabilidad de tipo cross-site scriptings almacenado debido a un saneo de entrada inapropiado en las configuraciones • https://www.vmware.com/security/advisories/VMSA-2022-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3953
https://notcve.org/view.php?id=CVE-2020-3953
15 Apr 2020 — Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. • https://www.vmware.com/security/advisories/VMSA-2020-0007.html • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3954
https://notcve.org/view.php?id=CVE-2020-3954
15 Apr 2020 — Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Hay una vulnerabilidad de Redireccionamiento Abierto en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. • https://www.vmware.com/security/advisories/VMSA-2020-0007.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5332 – VMware Security Advisory 2016-0011
https://notcve.org/view.php?id=CVE-2016-5332
12 Aug 2016 — Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en VMware vRealize Log Insight 2.x y 3.x en versiones anteriores a 3.6.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. vRealize Log Insight contains a vulnerability that may allow for a directory traversal attack. Exploitation of this issue may lead to a partial i... • http://www.securityfocus.com/bid/92448 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •