CVE-2022-31703

7.5HIGH

Key Information

Vendor
Vmware
Status
Vrealize Log Insight (vrli)
Vendor
CVE Published:
14 December 2022

Summary

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Affected Version(s)

vRealize Log Insight (vRLI) = vRealize Log Insight 8.10.1 and prior

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.