Product: Vrealize_log_insight (Vmware)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 15
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-15 | CVE-2020-3953 | Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation. | Vrealize_log_insight | 4.8 | | |
| 2020-04-15 | CVE-2020-3954 | Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation. | Vrealize_log_insight | 6.1 | | |
| 2021-08-30 | CVE-2021-22021 | VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. | Cloud_foundation, Vrealize_log_insight | 5.4 | | |
| 2021-10-13 | CVE-2021-22035 | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in the user's environment. | Cloud_foundation, Vrealize_log_insight, Vrealize_suite_lifecycle_manager | 4.3 | | |
| 2022-07-12 | CVE-2022-31654 | VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations. | Vrealize_log_insight | 5.4 | | |
| 2022-07-12 | CVE-2022-31655 | VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts. | Vrealize_log_insight | 5.4 | | |
| 2022-12-14 | CVE-2022-31703 | vRealize Log Insight contains a directory traversal vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | Vrealize_log_insight | 7.5 | | |
| 2023-01-26 | CVE-2022-31704 | vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. | Vrealize_log_insight | 9.8 | | |
| 2023-01-26 | CVE-2022-31706 | vRealize Log Insight contains a directory traversal vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | Vrealize_log_insight | 9.8 | | |
| 2023-01-26 | CVE-2022-31710 | vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. | Vrealize_log_insight | 7.5 | | |