VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities
"An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance."
While there is no indication that the aforementioned vulnerabilities have been exploited in the wild, it's not uncommon for threat actors to target VMware appliances in their attacks, making it essential that the fixes are applied as soon as possible.

Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could each be exploited by a threat actor to achieve remote code execution, although the attack pathways differ. A third vulnerability relates to a deserialization flaw (CVE-2022-31710, CVSS score: 7.5) that could be weaponized by an unauthenticated attacker to trigger a denial-of-service (DoS) condition.
Source read time: 1 min - thehackernews.com