← Volver a CVEs
CVE-2022-31704
CRITICAL9.8
Descripcion
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/26/2023
Ultima modificacion4/2/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
vmware:vrealize_log_insight
Debilidades (CWE)
CWE-284
Referencias
http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2023-0001.html(security@vmware.com)
http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2023-0001.html(af854a3a-2127-422b-91ae-364da2661108)
https://packetstorm.news/files/id/174606(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.