cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-20865,https://securityvulnerability.io/vulnerability/CVE-2023-20865,Command Injection Vulnerability in VMware Aria Operations for Logs,"A command injection vulnerability has been identified in VMware Aria Operations for Logs. This flaw allows an attacker with administrative access to execute arbitrary commands with root privileges, potentially leading to unauthorized access and control over the affected system. It is essential for organizations using this product to investigate and apply the recommended security patches to mitigate the risks associated with this vulnerability.",Vmware,VMware Aria Operations for Logs (formerly vRealize Log Insight),7.2,HIGH,0.000910000002477318,false,false,false,false,,false,false,2023-04-20T00:00:00.000Z,0
CVE-2023-20864,https://securityvulnerability.io/vulnerability/CVE-2023-20864,Deserialization Vulnerability in VMware Aria Operations for Logs,"VMware Aria Operations for Logs is affected by a deserialization vulnerability that allows unauthenticated attackers with network access to execute arbitrary code with root privileges. This vulnerability poses a significant risk as it can be exploited remotely, enabling malicious actors to gain unauthorized access and potentially compromise system integrity. Organizations utilizing this product should take immediate action to implement patches and ensure their systems are secure against potential exploit attempts.",Vmware,VMware Aria Operations for Logs (formerly vRealize Log Insight),9.8,CRITICAL,0.26137998700141907,false,false,false,false,,false,false,2023-04-20T00:00:00.000Z,0
CVE-2022-31655,https://securityvulnerability.io/vulnerability/CVE-2022-31655,,VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.,Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-07-12T20:44:46.000Z,0
CVE-2022-31654,https://securityvulnerability.io/vulnerability/CVE-2022-31654,,VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.,Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-07-12T20:43:09.000Z,0
CVE-2021-22035,https://securityvulnerability.io/vulnerability/CVE-2021-22035,,VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.,Vmware,Vmware Vrealize Log Insight,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-10-13T15:50:54.000Z,0
CVE-2021-22021,https://securityvulnerability.io/vulnerability/CVE-2021-22021,,VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.,Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-08-30T18:06:13.000Z,0
CVE-2020-3953,https://securityvulnerability.io/vulnerability/CVE-2020-3953,,Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.,Vmware,Vmware Vrealize Log Insight,4.8,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-04-15T17:20:09.000Z,0
CVE-2020-3954,https://securityvulnerability.io/vulnerability/CVE-2020-3954,,Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.,Vmware,Vmware Vrealize Log Insight,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2020-04-15T17:17:17.000Z,0
CVE-2018-6980,https://securityvulnerability.io/vulnerability/CVE-2018-6980,,VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.,Vmware,Vmware Vrealize Log Insight,7.2,HIGH,0.001019999966956675,false,false,false,false,,false,false,2018-11-13T22:00:00.000Z,0