CVE-2022-31706

Vulnerability updated 4 months ago (2024-05-04T21:18:02.839Z)
CVE-2022-31706 is a critical directory traversal vulnerability found in VMware's vRealize Log Insight software. This flaw, along with another broken access control vulnerability (CVE-2022-31704), and an information disclosure bug (CVE-2022-31711), carries severity scores of 9.8 out of 10 on the CVSS scale. These vulnerabilities could potentially allow an unauthenticated malicious actor to inject files into the operating system of an affected appliance, leading to remote code execution. The vulnerabilities were publicly disclosed in a VMware advisory.

The first vulnerability, CVE-2022-31706, is particularly concerning as it involves directory traversal, a type of attack that allows attackers to access restricted directories and execute commands outside of the web server's root directory. Coupled with the second vulnerability, CVE-2022-31704, which is a broken access control flaw, these security issues pose serious threats to systems running the affected software. The third vulnerability, CVE-2022-31711, is an information disclosure bug that could allow attackers to gain access to sensitive session and application information, further exacerbating the potential impact of an attack.

In response to these threats, Check Point IPS has developed protection measures against these vulnerabilities. However, it is strongly recommended that users of the affected VMware vRealize Log Insight software test and deploy the patch provided by VMware as soon as possible. By promptly addressing these vulnerabilities, organizations can significantly reduce the risk of exploitation and potential damage from these high-severity threats.
Description last updated: 2024-05-04T21:17:01.766Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vrealize
Vulnerability
Vmware
Traversal
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CVE-2022-31711 | Unspecified | 2 | CVE-2022-31711 is a medium-severity information-disclosure vulnerability that was disclosed last week by VMware, along with two other bugs: CVE-2022-31706, a directory traversal bug, and CVE-2022-31704, a broken access control flaw. This trio of vulnerabilities could potentially compromise the secur |
| CVE-2022-31704 | Unspecified | 2 | None |
Source Document References
Information about the CVE-2022-31706 Vulnerability was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 10 months ago | Experts released PoC exploit code for VMware Aria Operations for Logs flaw |
| CERT-EU | 10 months ago | VMware warns admins of public exploit for vRealize RCE flaw |
| CERT-EU | 10 months ago | VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs |
| CERT-EU | a year ago | VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs |
| DARKReading | 2 years ago | Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code |
| CERT-EU | 2 years ago | PoC Exploit Released for VMware RCE Bug |
| Securityaffairs | 2 years ago | Experts released VMware vRealize Log RCE exploit |
| CSO Online | 2 years ago | Remote code execution exploit chain available for VMware vRealize Log Insight |
| Securityaffairs | 2 years ago | VMware Workstation update fixes an arbitrary file deletion bug |
| Checkpoint | 2 years ago | 6th February – Threat Intelligence Report - Check Point Research |