
VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

January 25, 2023

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks.

Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023.

Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway.


“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” the company said of the two shortcomings.

A third vulnerability relates to a deserialization flaw (CVE-2022-31710, CVSS score: 7.5) that could be weaponized by an unauthenticated attacker to trigger a denial-of-service (DoS) condition.

Lastly, vRealize Log Insight has also been found susceptible to an information disclosure bug (CVE-2022-31711, CVSS score: 5.3) which could permit access to sensitive session and application information without any authentication.

The Zero Day Initiative (ZDI) has been credited for reporting all the flaws. Aside from releasing version 8.10.2 to address the issues, VMware has also provided workarounds to mitigate them until the patches can be applied.

While there is no indication that the aforementioned vulnerabilities have been exploited in the wild, it's not uncommon for threat actors to target VMware appliances in their attacks, making it crucial that the fixes are applied as soon as possible.



Some parts of this article are sourced from:
thehackernews.com
