This vulnerability allows remote malicious users to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setConfig function. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vrealize log insight |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources You know the drill: patch before criminals uses these bugs in vRealize to sniff your systems
VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. There are no reports (yet) of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware. However, it's a good idea to patch sooner than later to avoid being patient zero. vRealize Log Insight is a log management tool - everyone's favourite tas, not - and while it may not be as popular as some of the virtualiza...