CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31703 – VMware vRealize Network Insight downloadFile Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31703
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de directory traversal. Un actor malicioso no autenticado puede inyectar archivos en el Sistema Operativo de un dispositivo afectado, lo que puede resultar en la ejecución remota de código. This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Network Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadFile function. • https://www.vmware.com/security/advisories/VMSA-2023-0001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31655
https://notcve.org/view.php?id=CVE-2022-31655
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. VMware vRealize Log Insight en versiones anteriores a la 8.8.2 contienen una vulnerabilidad de tipo cross-site scripting almacenado debido a una saneo de entrada inapropiado en las alertas • https://www.vmware.com/security/advisories/VMSA-2022-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31654
https://notcve.org/view.php?id=CVE-2022-31654
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. VMware vRealize Log Insight en versiones anteriores a 8.8.2, contienen una vulnerabilidad de tipo cross-site scriptings almacenado debido a un saneo de entrada inapropiado en las configuraciones • https://www.vmware.com/security/advisories/VMSA-2022-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3953
https://notcve.org/view.php?id=CVE-2020-3953
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. • https://www.vmware.com/security/advisories/VMSA-2020-0007.html • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3954
https://notcve.org/view.php?id=CVE-2020-3954
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Hay una vulnerabilidad de Redireccionamiento Abierto en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. • https://www.vmware.com/security/advisories/VMSA-2020-0007.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •