CVE-2022-31703 — Path Traversal in Vmware Vrealize LOG Insight

CWE-22 — Path Traversal4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.6%

top 18.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vrealize LOG Insight

Timeline

PublishedDec 14

Description

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDvmware/vrealize_log_insight8.10.1

🔴Vulnerability Details

CVEList

CVE-2022-31703: The vRealize Log Insight contains a Directory Traversal Vulnerability↗2022-12-14

▶

GHSA

GHSA-v2g5-92j4-qq7q: vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API↗2022-12-14

▶

📋Vendor Advisories

VMware

VMware vRealize Network Insight (vRNI) updates address command injection and directory traversal security vulnerabilities (CVE-2022-31702, CVE-2022-31703)↗2022-12-13

▶