CVE-2022-31711

Vulnerability updated 4 months ago (2024-05-04T21:18:31.301Z)
CVE-2022-31711 is a medium-severity information-disclosure vulnerability that was disclosed last week by VMware, along with two other bugs: CVE-2022-31706, a directory traversal bug, and CVE-2022-31704, a broken access control flaw. This trio of vulnerabilities could potentially compromise the security of VMware's vRealize Log Insight software. The specific threat posed by CVE-2022-31711 is that it allows attackers to harvest data without authentication, thereby gaining unauthorized access to sensitive session and application information. The vulnerabilities were part of a cache that also included another flaw, which has been addressed by VMware.

In response to these threats, Check Point IPS has provided protection against them, specifically for VMware vRealize Log Insight Information Disclosure (CVE-2022-31711) and VMware vRealize Log Insight Directory Traversal (CVE-2022-31706). These measures are intended to safeguard users' systems from potential attacks exploiting these vulnerabilities.

Despite these protective measures, if a user determines they have been compromised due to these vulnerabilities, additional investigation will be required to assess the extent of the damage inflicted by the attacker. It's crucial to understand the potential consequences of these vulnerabilities, as they could lead to significant breaches of privacy and security. Users are advised to keep their systems updated and monitor their networks for any signs of unusual activity.
Description last updated: 2024-05-04T21:17:01.443Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vmware
Vrealize
Traversal
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CVE-2022-31706 | Unspecified | 2 | CVE-2022-31706 is a critical directory traversal vulnerability found in VMware's vRealize Log Insight software. This flaw, along with another broken access control vulnerability (CVE-2022-31704), and an information disclosure bug (CVE-2022-31711), carries severity scores of 9.8 out of 10 on the CVSS |
Source Document References
Information about the CVE-2022-31711 Vulnerability was read from the documents corpus below.
| Source | Created | Title |
| --- | --- | --- |
| CERT-EU | 10 months ago | VMware warns admins of public exploit for vRealize RCE flaw |
| DARKReading | 2 years ago | Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code |
| CERT-EU | 2 years ago | PoC Exploit Released for VMware RCE Bug |
| Securityaffairs | 2 years ago | Experts released VMware vRealize Log RCE exploit |
| CSO Online | 2 years ago | Remote code execution exploit chain available for VMware vRealize Log Insight |
| Checkpoint | 2 years ago | 6th February – Threat Intelligence Report - Check Point Research |