← Zuruck zu CVEs
CVE-2022-31706
CRITICAL9.8
Beschreibung
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/26/2023
Zuletzt geandert4/2/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
vmware:vrealize_log_insight
Schwachen (CWE)
CWE-22CWE-22
Referenzen
http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2023-0001.html(security@vmware.com)
http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2023-0001.html(af854a3a-2127-422b-91ae-364da2661108)
https://packetstorm.news/files/id/174606(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.