
CVE-2022-31710

Published: 26/01/2023 Updated: 01/02/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vulnerability Summary

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.


Vulnerable Product

vmware vrealize log insight

Recent Articles

Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws
The Register

You know the drill: patch before criminals use these bugs in vRealize to sniff your systems

VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. 
There are no reports (yet) of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware. However, it's a good idea to patch sooner than later to avoid being patient zero.
vRealize Log Insight is a log management tool - everyone's favourite task, not - and while it may not be as popular as some of th...