cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-20864,https://securityvulnerability.io/vulnerability/CVE-2023-20864,Deserialization Vulnerability in VMware Aria Operations for Logs,"VMware Aria Operations for Logs is affected by a deserialization vulnerability that allows unauthenticated attackers with network access to execute arbitrary code with root privileges. This vulnerability poses a significant risk as it can be exploited remotely, enabling malicious actors to gain unauthorized access and potentially compromise system integrity. Organizations utilizing this product should take immediate action to implement patches and ensure their systems are secure against potential exploit attempts.",Vmware,VMware Aria Operations for Logs (formerly vRealize Log Insight),9.8,CRITICAL,0.26137998700141907,false,false,false,false,,false,false,2023-04-20T00:00:00.000Z,0
CVE-2023-20865,https://securityvulnerability.io/vulnerability/CVE-2023-20865,Command Injection Vulnerability in VMware Aria Operations for Logs,"A command injection vulnerability has been identified in VMware Aria Operations for Logs. This flaw allows an attacker with administrative access to execute arbitrary commands with root privileges, potentially leading to unauthorized access and control over the affected system. It is essential for organizations using this product to investigate and apply the recommended security patches to mitigate the risks associated with this vulnerability.",Vmware,VMware Aria Operations for Logs (formerly vRealize Log Insight),7.2,HIGH,0.000910000002477318,false,false,false,false,,false,false,2023-04-20T00:00:00.000Z,0
CVE-2022-31704,https://securityvulnerability.io/vulnerability/CVE-2022-31704,Broken Access Control in VMware vRealize Log Insight,"VMware vRealize Log Insight is exposed to a broken access control flaw that allows unauthenticated attackers to exploit the system by remotely injecting malicious code into its sensitive files. This vulnerability could lead to significant security breaches, as it enables unauthorized access and manipulation of critical application functionalities. It is crucial for organizations using affected versions of vRealize Log Insight to implement necessary patches and security measures to safeguard their systems.",Vmware,Vrealize Log Insight (vrli),9.8,CRITICAL,0.005450000055134296,false,false,false,false,,false,false,2023-01-26T21:15:00.000Z,0
CVE-2022-31706,https://securityvulnerability.io/vulnerability/CVE-2022-31706,Directory Traversal Vulnerability in VMware vRealize Log Insight,"The vRealize Log Insight product from VMware is susceptible to a directory traversal vulnerability. This flaw allows a malicious actor without authentication to exploit the system and inject files into the appliance's operating system. Such actions can lead to unauthorized remote code execution, posing significant risks to the integrity and security of the affected systems. Users of vRealize Log Insight should apply the recommended patches from VMware to mitigate potential threats as outlined in the security advisories.",Vmware,Vrealize Log Insight (vrli),9.8,CRITICAL,0.007710000034421682,false,false,false,false,,false,false,2023-01-26T21:15:00.000Z,0
CVE-2022-31710,https://securityvulnerability.io/vulnerability/CVE-2022-31710,Deserialization Vulnerability in vRealize Log Insight by VMware,"A significant deserialization vulnerability has been discovered in vRealize Log Insight, where an unauthenticated malicious actor can exploit this flaw to trigger the deserialization of untrusted data. This exploitation may lead to a denial of service, compromising the availability of the application. It's essential for users to apply the necessary updates to safeguard their systems from potential attacks that exploit this vulnerability.",Vmware,Vrealize Log Insight (vrli),7.5,HIGH,0.001339999958872795,false,false,false,false,,false,false,2023-01-26T21:15:00.000Z,0
CVE-2022-31711,https://securityvulnerability.io/vulnerability/CVE-2022-31711,,VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.,Vmware,Vrealize Log Insight (vrli),5.3,MEDIUM,0.0026599999982863665,false,false,false,false,,false,false,2023-01-25T00:00:00.000Z,0
CVE-2022-31703,https://securityvulnerability.io/vulnerability/CVE-2022-31703,,"The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.",Vmware,Vrealize Log Insight (vrli),7.5,HIGH,0.001500000013038516,false,false,false,false,,false,false,2022-12-14T00:00:00.000Z,0
CVE-2022-31655,https://securityvulnerability.io/vulnerability/CVE-2022-31655,,VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.,Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-07-12T20:44:46.000Z,0
CVE-2022-31654,https://securityvulnerability.io/vulnerability/CVE-2022-31654,,VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.,Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-07-12T20:43:09.000Z,0
CVE-2021-22035,https://securityvulnerability.io/vulnerability/CVE-2021-22035,,VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.,Vmware,Vmware Vrealize Log Insight,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-10-13T15:50:54.000Z,0
CVE-2021-22021,https://securityvulnerability.io/vulnerability/CVE-2021-22021,,VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.,Vmware,Vmware Vrealize Log Insight,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-08-30T18:06:13.000Z,0
CVE-2020-3953,https://securityvulnerability.io/vulnerability/CVE-2020-3953,,Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.,Vmware,Vmware Vrealize Log Insight,4.8,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-04-15T17:20:09.000Z,0
CVE-2020-3954,https://securityvulnerability.io/vulnerability/CVE-2020-3954,,Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.,Vmware,Vmware Vrealize Log Insight,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2020-04-15T17:17:17.000Z,0
CVE-2018-6980,https://securityvulnerability.io/vulnerability/CVE-2018-6980,,VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.,Vmware,Vmware Vrealize Log Insight,7.2,HIGH,0.001019999966956675,false,false,false,false,,false,false,2018-11-13T22:00:00.000Z,0
CVE-2016-5332,https://securityvulnerability.io/vulnerability/CVE-2016-5332,,Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.,Vmware,Vrealize Log Insight,5.3,MEDIUM,0.003269999986514449,false,false,false,false,,false,false,2016-08-31T01:00:00.000Z,0
CVE-2016-2082,https://securityvulnerability.io/vulnerability/CVE-2016-2082,,Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.,Vmware,Vrealize Log Insight,8.8,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2016-07-03T01:00:00.000Z,0
CVE-2016-2081,https://securityvulnerability.io/vulnerability/CVE-2016-2081,,Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,Vmware,Vrealize Log Insight,6.1,MEDIUM,0.0012499999720603228,false,false,false,false,,false,false,2016-07-03T01:00:00.000Z,0