VMware vRealize Log is affected by several critical security vulnerabilities (CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711). The vulnerabilities were privately reported to the company. Both updates and workarounds are already available to fix the issues.
CVE-2022-31706
CVE-2022-31706 is a directory traversal vulnerability. This type of vulnerability enables threat actors to read arbitrary files on the server, including application code and data, back-end system credentials, and system files. In other cases, attackers may be able to tamper with application data and behavior, leading to full server takeover.
In the case of CVE-2022-31706, “an unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” according to VMware’s advisory. The vulnerability has been rated 9.8 on the CVSSv3 system.
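The following is an added example, not code from VMware's advisory or from the product. It shows a defender-side check for the general bug class described above, where a client-supplied file name is joined to a base directory before a write. The function names, directory names and sample inputs are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_target(base: Path, name: str) -> Path:
    """Weak pattern: joins a client-supplied name and never checks the result."""
    return Path(os.path.normpath(base / name))


def safe_target(base: Path, name: str) -> Path:
    """Resolve the joined path and require it to stay strictly inside base."""
    base = base.resolve()
    target = (base / name).resolve()  # collapses ".." and follows symlinks
    # Compare path components, not string prefixes: a startswith() test
    # would wrongly accept the sibling directory "uploads-old".
    if base in target.parents:
        return target
    raise ValueError(f"rejected path outside {base}: {name!r}")


def check_names(names):
    """Return {name: bool}: whether safe_target accepts each name."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "uploads"          # hypothetical write directory
        base.mkdir()
        (Path(tmp) / "uploads-old").mkdir()   # sibling sharing the prefix
        results = {}
        for name in names:
            try:
                safe_target(base, name)
                results[name] = True
            except ValueError:
                results[name] = False
        return results


# Constructed sample inputs, not taken from any real request.
SAMPLES = [
    "report.txt",
    "sub/report.txt",
    "../../etc/cron.d/job",      # relative escape
    "/etc/cron.d/job",           # absolute path replaces the base on join
    "../uploads-old/x",          # sibling that defeats prefix checks
    "sub/../../uploads-old/x",
]

if __name__ == "__main__":
    for name, ok in check_names(SAMPLES).items():
        print(f"{'accept' if ok else 'reject'}  {name}")
```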
CVE-2022-31704
CVE-2022-31704 is a broken access control vulnerability, with a 9.8 rating, that could allow unauthenticated threat actors to inject files into the operating system of exposed appliances. This could then lead to remote code execution.
Remote code execution is an attack in which a threat actor can remotely command the operation of another person’s machine.
Attackers achieve this by exploiting specific vulnerabilities that let them execute malicious code and gain control over a compromised system. Once the system is under the attackers’ control, they can elevate their privileges and continue with arbitrary code execution.
CVE-2022-31710
CVE-2022-31710 is a deserialization vulnerability, rated 7.5, that could allow unauthenticated attackers to remotely trigger the deserialization of untrusted data. This could then lead to denial of service.
Denial of service (DoS) can be accomplished by flooding the target with excessive requests. The purpose of this attack is to overload the targeted system and prevent legitimate requests from being fulfilled.
CVE-2022-31711
CVE-2022-31711 is an information disclosure vulnerability, with a 5.3 rating. The vulnerability could enable threat actors to collect sensitive information about sessions and applications remotely and without authentication.