VMware Vrealize Log Insight 8.1.0

CPE Details

VMware Vrealize Log Insight 8.1.0
8.1.0
2020-04-20
16h40 +00:00
2020-04-20
16h40 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:vrealize_log_insight:8.1.0:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

vrealize_log_insight

Version

8.1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-31704 2023-01-25 00h00 +00:00 The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
9.8
Critical
CVE-2022-31706 2023-01-25 00h00 +00:00 The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
9.8
Critical
CVE-2022-31710 2023-01-25 00h00 +00:00 vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
7.5
High
CVE-2022-31711 2023-01-25 00h00 +00:00 VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
5.3
Medium
CVE-2022-31703 2022-12-13 23h00 +00:00 The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
7.5
High
CVE-2022-31655 2022-07-12 18h44 +00:00 VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
5.4
Medium
CVE-2022-31654 2022-07-12 18h43 +00:00 VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
5.4
Medium
CVE-2021-22035 2021-10-13 13h50 +00:00 VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
4.3
Medium
CVE-2021-22021 2021-08-30 16h06 +00:00 VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
5.4
Medium