Vulnerability Details CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.72
EPSS Ranking 98.7%
CVSS Severity
CVSS v3 Score 5.3
References
- http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html
- https://www.vmware.com/security/advisories/VMSA-2023-0001.html
- http://packetstormsecurity.com/files/174606/VMware-vRealize-Log-Insight-Unauthenticated-Remote-Code-Execution.html
- https://www.vmware.com/security/advisories/VMSA-2023-0001.html
Products affected by CVE-2022-31711
-
cpe:2.3:a:vmware:vrealize_log_insight:3.0
-
cpe:2.3:a:vmware:vrealize_log_insight:3.0.1
-
cpe:2.3:a:vmware:vrealize_log_insight:3.3
-
cpe:2.3:a:vmware:vrealize_log_insight:3.3.1
-
cpe:2.3:a:vmware:vrealize_log_insight:3.3.2
-
cpe:2.3:a:vmware:vrealize_log_insight:3.6
-
cpe:2.3:a:vmware:vrealize_log_insight:4.0
-
cpe:2.3:a:vmware:vrealize_log_insight:4.3
-
cpe:2.3:a:vmware:vrealize_log_insight:4.5
-
cpe:2.3:a:vmware:vrealize_log_insight:4.5.1
-
cpe:2.3:a:vmware:vrealize_log_insight:4.6
-
cpe:2.3:a:vmware:vrealize_log_insight:4.6.1
-
cpe:2.3:a:vmware:vrealize_log_insight:4.6.2
-
cpe:2.3:a:vmware:vrealize_log_insight:4.7
-
cpe:2.3:a:vmware:vrealize_log_insight:4.7.1
-
cpe:2.3:a:vmware:vrealize_log_insight:4.8
-
cpe:2.3:a:vmware:vrealize_log_insight:8.0.0
-
cpe:2.3:a:vmware:vrealize_log_insight:8.1.0
-
cpe:2.3:a:vmware:vrealize_log_insight:8.8.2