• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

You are here: Home / General Cyber Security News / VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities
January 25, 2023

vRealize Log Insight Software

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks.

Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway.

“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” the company said of the two shortcomings.

A third vulnerability relates to a deserialization flaw (CVE-2022-31710, CVSS score: 7.5) that could be weaponized by an unauthenticated attacker to trigger a denial-of-service (DoS) condition.

Lastly, vRealize Log Insight has also been found susceptible to an information disclosure bug (CVE-2022-31711, CVSS score: 5.3) which could permit access to sensitive session and application data without any authentication.

The Zero Day Initiative (ZDI) has been credited for reporting all the flaws. Besides releasing version 8.10.2 to address the issues, VMware has also provided workarounds to mitigate them until the patches can be applied.

While there is no indication that the aforementioned vulnerabilities have been exploited in the wild, it’s not uncommon for threat actors to target VMware appliances in their attacks, making it essential that the fixes are applied as soon as possible.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News DragonSpark Hackers Evade Detection With SparkRAT and Golang

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities
  • VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities
  • DragonSpark Hackers Evade Detection With SparkRAT and Golang
  • FBI Confirms Lazarus Group Was Behind $100m Harmony Hack
  • Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery
  • #DataPrivacyWeek: Consumers Already Concerned About AI’s Impact on Data Privacy
  • Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection
  • FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft
  • Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium
  • Up to 350,000 open source projects vulnerable to 15-year-old Python bug

Copyright © TheCyberSecurity.News, All Rights Reserved.