CVE-2020-3954Improper Input Validation in Vmware Vrealize LOG Insight

CWE-20Improper Input ValidationCWE-601Open Redirect4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 34.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Vrealize LOG Insight
Timeline
PublishedApr 15
Latest updateMay 24

Description

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2fc8-wj99-h595: Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 82022-05-24
CVEList
CVE-2020-3954: Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 82020-04-15

📋Vendor Advisories

1
VMware
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)2020-04-14
CVE-2020-3954 — Improper Input Validation in Vmware | cvebase