cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20865,https://securityvulnerability.io/vulnerability/CVE-2023-20865,Command Injection Vulnerability in VMware Aria Operations for Logs,"A command injection vulnerability has been identified in VMware Aria Operations for Logs. This flaw allows an attacker with administrative access to execute arbitrary commands with root privileges, potentially leading to unauthorized access and control over the affected system. It is essential for organizations using this product to investigate and apply the recommended security patches to mitigate the risks associated with this vulnerability.",Vmware,Vmware Aria Operations For Logs (formerly Vrealize Log Insight),7.2,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2023-04-20T00:00:00.000Z,0
CVE-2023-20864,https://securityvulnerability.io/vulnerability/CVE-2023-20864,Deserialization Vulnerability in VMware Aria Operations for Logs,"VMware Aria Operations for Logs is affected by a deserialization vulnerability that allows unauthenticated attackers with network access to execute arbitrary code with root privileges. This vulnerability poses a significant risk as it can be exploited remotely, enabling malicious actors to gain unauthorized access and potentially compromise system integrity. Organizations utilizing this product should take immediate action to implement patches and ensure their systems are secure against potential exploit attempts.",Vmware,Vmware Aria Operations For Logs (formerly Vrealize Log Insight),9.8,CRITICAL,0.26137998700141907,false,,false,false,false,,,false,false,,2023-04-20T00:00:00.000Z,0
CVE-2022-31655,https://securityvulnerability.io/vulnerability/CVE-2022-31655,Stored Cross-Site Scripting Vulnerability in VMware vRealize Log Insight,"VMware vRealize Log Insight prior to version 8.8.2 is susceptible to a stored cross-site scripting vulnerability. This issue is caused by improper input sanitization in alerts, allowing attackers to execute malicious scripts in the context of users accessing the affected web applications. If exploited, it could lead to unauthorized actions and data exposure.",Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-07-12T20:44:46.000Z,0
CVE-2022-31654,https://securityvulnerability.io/vulnerability/CVE-2022-31654,Stored Cross-Site Scripting Vulnerability in VMware vRealize Log Insight,"VMware vRealize Log Insight versions before 8.8.2 suffer from a stored cross-site scripting vulnerability. This issue arises due to improper input sanitization when handling configurations, allowing attackers to inject malicious scripts that can be executed in the context of a user's session. Users of affected versions should update to the latest version to mitigate this risk. More details can be found on VMware's official advisory.",Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-07-12T20:43:09.000Z,0
CVE-2021-22035,https://securityvulnerability.io/vulnerability/CVE-2021-22035,CSV Injection Vulnerability in VMware vRealize Log Insight,"The CSV injection vulnerability in VMware vRealize Log Insight affects versions 8.x before 8.6. It allows an authenticated attacker with non-administrative privileges to introduce untrusted data during the interactive analytics export process. If exported, this malicious data could be executed in a user's environment, potentially compromising sensitive information. To mitigate this risk, users should perform strong input validation and ensure that exports are conducted in a secure context.",Vmware,Vmware Vrealize Log Insight,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-10-13T15:50:54.000Z,0
CVE-2021-22021,https://securityvulnerability.io/vulnerability/CVE-2021-22021,Cross Site Scripting Vulnerability in VMware vRealize Log Insight,"VMware vRealize Log Insight versions prior to 8.4 are susceptible to a Cross Site Scripting vulnerability caused by inadequate validation of user input. This flaw allows an attacker with user privileges to insert a malicious script into the Log Insight UI. When other users access the affected shared dashboard link, the injected script executes, which could potentially lead to unauthorized actions or data exposure.",Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-08-30T18:06:13.000Z,0
CVE-2020-3953,https://securityvulnerability.io/vulnerability/CVE-2020-3953,Cross Site Scripting Vulnerability in VMware vRealize Log Insight,"A Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight versions prior to 8.1.0 due to improper input validation. This flaw could allow an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data exposure.",Vmware,Vmware Vrealize Log Insight,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-04-15T17:20:09.000Z,0
CVE-2020-3954,https://securityvulnerability.io/vulnerability/CVE-2020-3954,Open Redirect Vulnerability in VMware vRealize Log Insight,"An Open Redirect vulnerability exists in VMware vRealize Log Insight prior to version 8.1.0, stemming from inadequate input validation. This flaw allows attackers to manipulate redirection paths for users, potentially leading them to malicious URLs. Proper validation measures should be implemented to safeguard against unauthorized redirection and protect sensitive data.",Vmware,Vmware Vrealize Log Insight,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-04-15T17:17:17.000Z,0
CVE-2018-6980,https://securityvulnerability.io/vulnerability/CVE-2018-6980,,VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.,Vmware,Vmware Vrealize Log Insight,7.2,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2018-11-13T22:00:00.000Z,0