Directory Traversal Vulnerability in vRealize Log Insight by VMware
CVE-2022-31703

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vrealize Log Insight (vrli)
Vendor: CVE Published:; 14 December 2022

Summary

The vRealize Log Insight product by VMware is exposed to a directory traversal vulnerability that allows unauthenticated attackers to inject files into the operating system of the affected appliance. This weakness can lead to potential remote code execution, significantly compromising the integrity and security of the system. Organizations utilizing this product should evaluate their exposure and take necessary actions to mitigate risks associated with this vulnerability.

Affected Version(s)

vRealize Log Insight (vRLI) vRealize Log Insight 8.10.1 and prior

References

https://www.vmware.com/security/advisories/VMSA-2023-0001...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2022
Vulnerability Reserved
May 25, 2022