High Threat Security Alert (A23-01-15): Multiple Vulnerabilities in VMware vRealize Log Insight


 

Published on: 26 January 2023

  
  

Description:

VMware has published a security advisory to address multiple vulnerabilities in VMware products. The list of the security updates can be found at:
https://www.vmware.com/security/advisories/VMSA-2023-0001.html

Reports indicate that the vulnerabilities (CVE-2022-31704 and CVE-2022-31706) are at high risk of exploitation.  System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • VMware vRealize Log Insight version 8.x

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could lead to remote code execution, denial of service or information disclosure on the affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2023-0001.html
  • https://www.hkcert.org/security-bulletin/vmware-vrealize-log-insight-multiple-vulnerabilities_20230126
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31704
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31706
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31710 (to CVE-2022-31711)


Tag: VMware , VMware vRealize Log Insight
Tags