Deserialization Vulnerability in vRealize Log Insight by VMware
CVE-2022-31710

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vrealize Log Insight (vrli)
Vendor: CVE Published:; 26 January 2023

Summary

A significant deserialization vulnerability has been discovered in vRealize Log Insight, where an unauthenticated malicious actor can exploit this flaw to trigger the deserialization of untrusted data. This exploitation may lead to a denial of service, compromising the availability of the application. It's essential for users to apply the necessary updates to safeguard their systems from potential attacks that exploit this vulnerability.

Affected Version(s)

vRealize Log Insight (vRLI) vRealize Log Insight 8.10.1 and prior

References

https://www.vmware.com/security/advisories/VMSA-2023-0001...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
May 25, 2022