CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31710 – VMware vRealize Log Insight addClusterCACertificate Deserialization of Untrusted Data Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-31710
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. vRealize Log Insight contiene una vulnerabilidad de deserialización. Un actor malicioso no autenticado puede desencadenar de forma remota la deserialización de datos que no son de confianza, lo que podría provocar una denegación de servicio. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addClusterCACertificate function. • https://www.vmware.com/security/advisories/VMSA-2023-0001.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31704 – VMware vRealize Log Insight setConfig Missing Authentication for Critical Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-31704
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de control de acceso roto. Un actor malintencionado no autenticado puede inyectar código de forma remota en archivos confidenciales de un dispositivo afectado, lo que puede provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setConfig function. • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2023-0001.html https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/vmware_vrli_rce.rb •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31706 – VMware vRealize Log Insight RemotePakDownloadCommand Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-31706
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de Directory Traversal. Un actor malintencionado no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede provocar la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RemotePakDownloadCommand function. • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2023-0001.html https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/vmware_vrli_rce.rb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31711 – VMware vRealize Log Insight getConfig Missing Authentication for Critical Function Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. VMware vRealize Log Insight contiene una vulnerabilidad de Divulgación de Información. Un actor malintencionado puede recopilar de forma remota información sensible de la sesión y la aplicación sin autenticación. This vulnerability allows remote attackers to disclose information on affected installations of VMware vRealize Log Insight. • http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2023-0001.html https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/vmware_vrli_rce.rb •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31703 – VMware vRealize Network Insight downloadFile Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31703
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de directory traversal. Un actor malicioso no autenticado puede inyectar archivos en el Sistema Operativo de un dispositivo afectado, lo que puede resultar en la ejecución remota de código. This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Network Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadFile function. • https://www.vmware.com/security/advisories/VMSA-2023-0001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •