CVE-2022-31706

Vulnerability Profile Updated 2 months ago
Download STIX
Preview STIX
CVE-2022-31706 is a critical directory traversal vulnerability found in VMware's vRealize Log Insight software. This flaw, along with another broken access control vulnerability (CVE-2022-31704), and an information disclosure bug (CVE-2022-31711), carries severity scores of 9.8 out of 10 on the CVSS scale. These vulnerabilities could potentially allow an unauthenticated malicious actor to inject files into the operating system of an affected appliance, leading to remote code execution. The vulnerabilities were publicly disclosed in a VMware advisory. The first vulnerability, CVE-2022-31706, is particularly concerning as it involves directory traversal, a type of attack that allows attackers to access restricted directories and execute commands outside of the web server's root directory. Coupled with the second vulnerability, CVE-2022-31704, which is a broken access control flaw, these security issues pose serious threats to systems running the affected software. The third vulnerability, CVE-2022-31711, is an information disclosure bug that could allow attackers to gain access to sensitive session and application information, further exacerbating the potential impact of an attack. In response to these threats, Check Point IPS has developed protection measures against these vulnerabilities. However, it is strongly recommended that users of the affected VMware vRealize Log Insight software test and deploy the patch provided by VMware as soon as possible. By promptly addressing these vulnerabilities, organizations can significantly reduce the risk of exploitation and potential damage from these high-severity threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vrealize
Vulnerability
Vmware
Traversal
bugs
Remote Code ...
Exploit
Poc
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2022-31711Unspecified
2
CVE-2022-31711 is a medium-severity information-disclosure vulnerability that was disclosed last week by VMware, along with two other bugs: CVE-2022-31706, a directory traversal bug, and CVE-2022-31704, a broken access control flaw. This trio of vulnerabilities could potentially compromise the secur
CVE-2022-31704Unspecified
2
None
Source Document References
Information about the CVE-2022-31706 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Securityaffairs
a year ago
Experts released VMware vRealize Log RCE exploit
CSO Online
a year ago
Remote code execution exploit chain available for VMware vRealize Log Insight
Checkpoint
a year ago
6th February – Threat Intelligence Report - Check Point Research
CERT-EU
8 months ago
VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs
CERT-EU
8 months ago
VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs
DARKReading
a year ago
Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code
CERT-EU
8 months ago
VMware warns admins of public exploit for vRealize RCE flaw
Securityaffairs
8 months ago
Experts released PoC exploit code for VMware Aria Operations for Logs flaw
Securityaffairs
a year ago
VMware Workstation update fixes an arbitrary file deletion bug
CERT-EU
a year ago
PoC Exploit Released for VMware RCE Bug