"VMware Warns of Critical Code Execution Bugs in vRealize Log Insight"

VMware has patched multiple vulnerabilities in its vRealize Log Insight appliance, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711. The log collection and analytics virtual appliance allows administrators to gather, view, manage, and analyze syslog data. Log Insight monitors application logs, network traces, configuration files, messages, and performance data in real time. The most severe of the vulnerabilities are a directory traversal flaw and a broken access control vulnerability. An unauthenticated attacker can exploit either of the two to inject files into an impacted appliance's operating system, resulting in Remote Code Execution (RCE). This article continues to discuss the potential exploitation and impact of the vulnerabilities in the VMware vRealize Log Insight appliance.

Security Affairs reports "VMware Warns of Critical Code Execution Bugs in vRealize Log Insight"

Submitted by Anonymous on