VMware Vrealize Log Insight 8.1.0

CPE Details

VMware Vrealize Log Insight 8.1.0
vmware
vrealize_log_insight
8.1.0
2020-04-20
16h40 +00:00
2020-04-20
16h40 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:vrealize_log_insight:8.1.0:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

vrealize_log_insight

Version

8.1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-31704 2023-01-25 00h00 +00:00 The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
9.8
Critical
CVE-2022-31706 2023-01-25 00h00 +00:00 The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
9.8
Critical
CVE-2022-31710 2023-01-25 00h00 +00:00 vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
7.5
High
CVE-2022-31711 2023-01-25 00h00 +00:00 VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
5.3
Medium
CVE-2022-31703 2022-12-14 00h00 +00:00 The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
7.5
High
CVE-2022-31655 2022-07-12 18h44 +00:00 VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
5.4
Medium
CVE-2022-31654 2022-07-12 18h43 +00:00 VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
5.4
Medium
CVE-2021-22035 2021-10-13 13h50 +00:00 VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
4.3
Medium
CVE-2021-22021 2021-08-30 16h06 +00:00 VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
5.4
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.