This vulnerability allows remote malicious users to create a denial-of-service condition on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addClusterCACertificate function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Vulnerable Product |
---|
vmware vrealize log insight |
You know the drill: patch before criminals use these bugs in vRealize to sniff your systems
VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. There are no reports (yet) of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware. However, it's a good idea to patch sooner than later to avoid being patient zero. vRealize Log Insight is a log management tool - everyone's favourite task, not - and while it may not be as popular as some of the virtualiza...