CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20854
https://notcve.org/view.php?id=CVE-2023-20854
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. • https://www.vmware.com/security/advisories/VMSA-2023-0003.html • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20856
https://notcve.org/view.php?id=CVE-2023-20856
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. • https://www.vmware.com/security/advisories/VMSA-2023-0002.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31704 – VMware vRealize Log Insight setConfig Missing Authentication for Critical Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-31704
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de control de acceso roto. Un actor malintencionado no autenticado puede inyectar código de forma remota en archivos confidenciales de un dispositivo afectado, lo que puede provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setConfig function. • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2023-0001.html https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31706 – VMware vRealize Log Insight RemotePakDownloadCommand Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-31706
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de Directory Traversal. Un actor malintencionado no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RemotePakDownloadCommand function. • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2023-0001.html https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31711 – VMware vRealize Log Insight getConfig Missing Authentication for Critical Function Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. VMware vRealize Log Insight contiene una vulnerabilidad de Divulgación de Información. Un actor malintencionado puede recopilar de forma remota información sensible de la sesión y la aplicación sin autenticación. This vulnerability allows remote attackers to disclose information on affected installations of VMware vRealize Log Insight. • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2023-0001.html https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive •