[Nulled] » Information security » VMware has released fixes to address vRealize Log Insight vulnerabilities that could allow attackers
January 25 2023

VMware has released fixes to address vRealize Log Insight

VMware has released fixes to address vRealize Log Insight vulnerabilities that could allow attackers to get remote code execution on uncorrected devices.

vRealize Log Insight (VMware Aria Operations for Logs) is a tool for analyzing and managing infrastructure and application logs in VMware environments.

The first critical CVE-2022-31703 is described as a directory traversal vulnerability that attackers can use to inject files into the OS of devices for RCE.

The second CVE-2022-31704 is an access control vulnerability that can also be abused for remote code execution on vulnerable devices by introducing malicious files.

Both vulnerabilities have a CVSS score of 9.8/10 and can be used by unauthorized attackers in low-complexity attacks that do not require user intervention.

VMware has also eliminated a deserialization vulnerability (CVE-2022-31710) that can be used to invoke DoS status, as well as an information disclosure error (CVE-2022-31711) that can be used to access sensitive session or application information.

The bugs were fixed with the release of VMware vRealize Log Insight 8.10.2. However, none of the bugs were marked as exploited in the wild.

In addition, VMware provided detailed instructions for upgrading to the latest version of vRealize Log Insight (here) and shared a temporary fix.

To apply it, you should run a script under root via SSH on each vRealize Log Insight node in your cluster (provided by VMware here), after which you should make sure that the workaround scenario is successfully implemented by registering each node and a message about its installation.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

    1. Amin (👨‍💼🅿🆁🅴🅼🅸🆄🅼)

      01 April 2024 09:03 34 commenti

      I didn't expect it But it works Thanks

Information the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 25 January 2023 15:56
  • Publication category(s): Information security»,Hacking
  • Number of views of the publication: 446
  • Number of comments to the publication: 1

Related News

25 January 2023
Information security
Apple has released fixes

Apple has released fixes to address numerous serious security vulnerabilities for the flagship iOS and macOS

Read more
16 January 2023
Information security
The Taiwanese NAS

The Taiwanese NAS manufacturer Synology has eliminated the vulnerability of the maximum (10/10) severity in VPN

Read more
23 January 2023
Information security
A serious vulnerability

A serious vulnerability in the firmware of InHand Networks' InRouter industrial routers threatens robots,

Read more
15 January 2023
Information security
Synology has eliminated

Synology has eliminated a critical vulnerability in VPN routers

Read more
16 January 2023
Information security
Thousands of Citrix ADC

Thousands of Citrix ADC and Gateway servers remain vulnerable to two major vulnerabilities fixed recently.

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +5 Total articles 6751
  • +18 Comments 4234
  • +32 Users : 6069