cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20864,https://securityvulnerability.io/vulnerability/CVE-2023-20864,Deserialization Vulnerability in VMware Aria Operations for Logs,"VMware Aria Operations for Logs is affected by a deserialization vulnerability that allows unauthenticated attackers with network access to execute arbitrary code with root privileges. This vulnerability poses a significant risk as it can be exploited remotely, enabling malicious actors to gain unauthorized access and potentially compromise system integrity. Organizations utilizing this product should take immediate action to implement patches and ensure their systems are secure against potential exploit attempts.",Vmware,Vmware Aria Operations For Logs (formerly Vrealize Log Insight),9.8,CRITICAL,0.26137998700141907,false,,false,false,false,,,false,false,,2023-04-20T00:00:00.000Z,0
CVE-2023-20865,https://securityvulnerability.io/vulnerability/CVE-2023-20865,Command Injection Vulnerability in VMware Aria Operations for Logs,"A command injection vulnerability has been identified in VMware Aria Operations for Logs. This flaw allows an attacker with administrative access to execute arbitrary commands with root privileges, potentially leading to unauthorized access and control over the affected system. It is essential for organizations using this product to investigate and apply the recommended security patches to mitigate the risks associated with this vulnerability.",Vmware,Vmware Aria Operations For Logs (formerly Vrealize Log Insight),7.2,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2023-04-20T00:00:00.000Z,0
CVE-2022-31706,https://securityvulnerability.io/vulnerability/CVE-2022-31706,Directory Traversal Vulnerability in VMware vRealize Log Insight,"The vRealize Log Insight product from VMware is susceptible to a directory traversal vulnerability. This flaw allows a malicious actor without authentication to exploit the system and inject files into the appliance's operating system. Such actions can lead to unauthorized remote code execution, posing significant risks to the integrity and security of the affected systems. Users of vRealize Log Insight should apply the recommended patches from VMware to mitigate potential threats as outlined in the security advisories.",Vmware,Vrealize Log Insight (vrli),9.8,CRITICAL,0.007710000034421682,false,,false,false,true,2023-08-08T18:32:38.000Z,true,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-31704,https://securityvulnerability.io/vulnerability/CVE-2022-31704,Broken Access Control in VMware vRealize Log Insight,"VMware vRealize Log Insight is exposed to a broken access control flaw that allows unauthenticated attackers to exploit the system by remotely injecting malicious code into its sensitive files. This vulnerability could lead to significant security breaches, as it enables unauthorized access and manipulation of critical application functionalities. It is crucial for organizations using affected versions of vRealize Log Insight to implement necessary patches and security measures to safeguard their systems.",Vmware,Vrealize Log Insight (vrli),9.8,CRITICAL,0.005450000055134296,false,,false,false,true,2023-08-08T18:32:38.000Z,true,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-31710,https://securityvulnerability.io/vulnerability/CVE-2022-31710,Deserialization Vulnerability in vRealize Log Insight by VMware,"A significant deserialization vulnerability has been discovered in vRealize Log Insight, where an unauthenticated malicious actor can exploit this flaw to trigger the deserialization of untrusted data. This exploitation may lead to a denial of service, compromising the availability of the application. It's essential for users to apply the necessary updates to safeguard their systems from potential attacks that exploit this vulnerability.",Vmware,Vrealize Log Insight (vrli),7.5,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-31711,https://securityvulnerability.io/vulnerability/CVE-2022-31711,Information Disclosure Vulnerability in VMware vRealize Log Insight,"VMware vRealize Log Insight is affected by an information disclosure vulnerability that allows unauthorized users to access sensitive session and application data. This vulnerability enables an attacker to remotely collect valuable information without the need for authentication, posing a risk to data integrity and privacy.",Vmware,Vrealize Log Insight (vrli),5.3,MEDIUM,0.0026599999982863665,false,,false,false,true,2023-08-08T18:32:38.000Z,true,false,false,,2023-01-25T00:00:00.000Z,0
CVE-2022-31703,https://securityvulnerability.io/vulnerability/CVE-2022-31703,Directory Traversal Vulnerability in vRealize Log Insight by VMware,"The vRealize Log Insight product by VMware is exposed to a directory traversal vulnerability that allows unauthenticated attackers to inject files into the operating system of the affected appliance. This weakness can lead to potential remote code execution, significantly compromising the integrity and security of the system. Organizations utilizing this product should evaluate their exposure and take necessary actions to mitigate risks associated with this vulnerability.",Vmware,Vrealize Log Insight (vrli),7.5,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2022-31655,https://securityvulnerability.io/vulnerability/CVE-2022-31655,Stored Cross-Site Scripting Vulnerability in VMware vRealize Log Insight,"VMware vRealize Log Insight prior to version 8.8.2 is susceptible to a stored cross-site scripting vulnerability. This issue is caused by improper input sanitization in alerts, allowing attackers to execute malicious scripts in the context of users accessing the affected web applications. If exploited, it could lead to unauthorized actions and data exposure.",Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-07-12T20:44:46.000Z,0
CVE-2022-31654,https://securityvulnerability.io/vulnerability/CVE-2022-31654,Stored Cross-Site Scripting Vulnerability in VMware vRealize Log Insight,"VMware vRealize Log Insight versions before 8.8.2 suffer from a stored cross-site scripting vulnerability. This issue arises due to improper input sanitization when handling configurations, allowing attackers to inject malicious scripts that can be executed in the context of a user's session. Users of affected versions should update to the latest version to mitigate this risk. More details can be found on VMware's official advisory.",Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-07-12T20:43:09.000Z,0
CVE-2021-22035,https://securityvulnerability.io/vulnerability/CVE-2021-22035,CSV Injection Vulnerability in VMware vRealize Log Insight,"The CSV injection vulnerability in VMware vRealize Log Insight affects versions 8.x before 8.6. It allows an authenticated attacker with non-administrative privileges to introduce untrusted data during the interactive analytics export process. If exported, this malicious data could be executed in a user's environment, potentially compromising sensitive information. To mitigate this risk, users should perform strong input validation and ensure that exports are conducted in a secure context.",Vmware,Vmware Vrealize Log Insight,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-10-13T15:50:54.000Z,0
CVE-2021-22021,https://securityvulnerability.io/vulnerability/CVE-2021-22021,Cross Site Scripting Vulnerability in VMware vRealize Log Insight,"VMware vRealize Log Insight versions prior to 8.4 are susceptible to a Cross Site Scripting vulnerability caused by inadequate validation of user input. This flaw allows an attacker with user privileges to insert a malicious script into the Log Insight UI. When other users access the affected shared dashboard link, the injected script executes, which could potentially lead to unauthorized actions or data exposure.",Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-08-30T18:06:13.000Z,0
CVE-2020-3953,https://securityvulnerability.io/vulnerability/CVE-2020-3953,Cross Site Scripting Vulnerability in VMware vRealize Log Insight,"A Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight versions prior to 8.1.0 due to improper input validation. This flaw could allow an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data exposure.",Vmware,Vmware Vrealize Log Insight,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-04-15T17:20:09.000Z,0
CVE-2020-3954,https://securityvulnerability.io/vulnerability/CVE-2020-3954,Open Redirect Vulnerability in VMware vRealize Log Insight,"An Open Redirect vulnerability exists in VMware vRealize Log Insight prior to version 8.1.0, stemming from inadequate input validation. This flaw allows attackers to manipulate redirection paths for users, potentially leading them to malicious URLs. Proper validation measures should be implemented to safeguard against unauthorized redirection and protect sensitive data.",Vmware,Vmware Vrealize Log Insight,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-04-15T17:17:17.000Z,0
CVE-2018-6980,https://securityvulnerability.io/vulnerability/CVE-2018-6980,,VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.,Vmware,Vmware Vrealize Log Insight,7.2,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2018-11-13T22:00:00.000Z,0
CVE-2016-5332,https://securityvulnerability.io/vulnerability/CVE-2016-5332,,Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.,Vmware,Vrealize Log Insight,5.3,MEDIUM,0.003269999986514449,false,,false,false,false,,,false,false,,2016-08-31T01:00:00.000Z,0
CVE-2016-2081,https://securityvulnerability.io/vulnerability/CVE-2016-2081,,Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,Vmware,Vrealize Log Insight,6.1,MEDIUM,0.0012499999720603228,false,,false,false,false,,,false,false,,2016-07-03T01:00:00.000Z,0
CVE-2016-2082,https://securityvulnerability.io/vulnerability/CVE-2016-2082,,Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.,Vmware,Vrealize Log Insight,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2016-07-03T01:00:00.000Z,0