CVE-2022-31706

Vulnerability updated 8 days ago (2024-11-29T14:07:57.155Z)
Download STIX
Preview STIX
CVE-2022-31706 is a critical directory traversal vulnerability found in VMware's vRealize Log Insight software. This flaw, along with another broken access control vulnerability (CVE-2022-31704), and an information disclosure bug (CVE-2022-31711), carries severity scores of 9.8 out of 10 on the CVSS scale. These vulnerabilities could potentially allow an unauthenticated malicious actor to inject files into the operating system of an affected appliance, leading to remote code execution. The vulnerabilities were publicly disclosed in a VMware advisory. The first vulnerability, CVE-2022-31706, is particularly concerning as it involves directory traversal, a type of attack that allows attackers to access restricted directories and execute commands outside of the web server's root directory. Coupled with the second vulnerability, CVE-2022-31704, which is a broken access control flaw, these security issues pose serious threats to systems running the affected software. The third vulnerability, CVE-2022-31711, is an information disclosure bug that could allow attackers to gain access to sensitive session and application information, further exacerbating the potential impact of an attack. In response to these threats, Check Point IPS has developed protection measures against these vulnerabilities. However, it is strongly recommended that users of the affected VMware vRealize Log Insight software test and deploy the patch provided by VMware as soon as possible. By promptly addressing these vulnerabilities, organizations can significantly reduce the risk of exploitation and potential damage from these high-severity threats.
Description last updated: 2024-05-04T21:17:01.766Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vrealize
Vulnerability
Vmware
Traversal
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2022-31711 Vulnerability is associated with CVE-2022-31706. CVE-2022-31711 is a medium-severity information-disclosure vulnerability that was disclosed last week by VMware, along with two other bugs: CVE-2022-31706, a directory traversal bug, and CVE-2022-31704, a broken access control flaw. This trio of vulnerabilities could potentially compromise the securUnspecified
2
The vulnerability CVE-2022-31704 is associated with CVE-2022-31706. Unspecified
2
Source Document References
Information about the CVE-2022-31706 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more